Re: R: strong encryption for Europeans

[lum () infoexpress com]

Hello Ming,

As is the case with all network security, one of the primary objectives of 
VPNs is to make attacks impractical, especially in comparison to other 
methods that are available. 

For instance, simple calculation shows that the number of computers required 
to crack a 56 bit DES key in a "reasonable amount of time" would require over 
10,000 Pentium II 300Mhz calibre computers for a month. This assumes that 
half the keyspace needs to be searched, all computers are calculating 
day and night, and each computer cracks about 1.3 million keys per second. 

Assuming that the prorated cost of the computing time is 3% per $3000 
computer for the month, this comes out to $900,000 per successful 
attack. It's worth noting that because the information is encrypted, 
it isn't known whether the information will be useful until after it's been 
cracked. Imagine spending that much effort to retrieve an e-mail 
starting with, "Subject: Health plan update...". 

Also, cracking illicit data is harder than the DES challenge data because 
support must be obtained covertly. I don't think it would be that easy to 
muster up support from an IS department to secretly crack illicit data on the 
scale required.  

In contrast, here are some other means of obtaining similar data: 

1.  Tapping analog phone lines at the corporate site
2.  Tapping leased lines that interconnect corporate WAN sites
3.  Using emr sniffers to monitor keystrokes
4.  Hacking the telco's switch
5.  Hacking the company's switch
6.  Surreptitiously obtaining a password from an employee 
...... etc.

All of these will obtain similar information at a much lower cost than 
cracking 56 bit encryption.

For the record, I think that the US government's stance on exportable 
cryptography is as damaging and ludicrous as anyone else... probably more 
than most considering what we do. 

Nonetheless, when the US raised the bar from 40 bit to 56 bit encryption, 
exportable cryptography became practical if not ideal, especially in 
comparison to other techniques for illicitly obtaining information.

A final note is that the effectiveness of the encryption method also depends 
on its use. For site to site VPNs, longer keys are necessary because more 
data is trasnferred over the same key than are remote user VPN, where the 
amount of data transferrred per key is relatively small. 

Both types of VPNs, however, can change keys periodically in order to 
minimize the number of bytes transferred per key, resulting in a higher cost 
per attack. 

Regards,
Stacey Lum
InfoExpress, Inc.
415.969.9609

> Once upon a time, Chris Lonvick wrote:
> Hello Ming,
>
> They were not exactly attacks.  These were a set of challenges offered
> by RSA Labs (with prizes).  
>
> http://www.rsa.com/rsalabs/97challenge/
> http://www.rsa.com/rsalabs/97challenge/html/status.html
> http://www.frii.com/~rcv/deschall.htm           (winner of DES)
> http://rc5.distributed.net/                     (winner of RC5-32/12/7)
>
> For those that don't wish to follow the URLs, 
>
>   Challenge                  time to crack         Prize
>  RC5-32/12/5   (40bit key)      3.5 hrs          US$ 1,000.
>  RC5-32/12/6   (48bit key)    313   hrs          US$ 5,000.
>  DES           (56bit key)    140   days         US$10,000.
>  RC5-32/12/7   (56bit key)    265   days         US$10,000.
>
> (And there's US$90,000. in prize money left in the other challenges.)
>
> Later,
>
> Chris Lonvick
> Cisco Systems
> Corporate Consulting
> Houston, TX, USA
> +1.713.778.5663
>
> At 06:03 PM 11/24/97 -0500, Ming Lu wrote:
> > Franco:
> >
> > I would like to see reports reagding these successful attacks. I could 
> > not find them at CERT.
> >
> > TIA.
> >
> > On Mon, 24 Nov 1997, Franco RUGGIERI wrote:
> >
> > > Recently (June and October this year), attacks have been successfully
> > > accomplished against DES and RC5 65 bit, by a huge number of computers
> > > coordinated via Internet. Since participation in such effort was voluntary,
> > > I wouldn't define such coordination as *strict*. Thus, we can assume that a
> > > well determined organization would break codes based on keys up to 56 bit
> > > in a reasonable amount of time. Therefore I wouldn't recommend VPNs based
> > > on such systems (RCx, DES and the likes with *short*keys), unless for what
> > > I would dub *minor areas* and for not long lasting applications.
> > > This, of course, IMHO. I would appreciate comments (not flames!) on this
> > > viewpoint of mine.
> > > -------------------------------
> > > Franco RUGGIERI
> > > fruggieri () selfin net
> > [snip]
> >
> > _ming

Regards,
Stacey Lum

InfoExpress