Security Implications of Using the Data Encryption Standard (DES)

Sun, 24 Dec 2006 14:36:21 -0800 

from rfc-editor announcement today

4772 I
   Security Implications of Using the Data Encryption Standard (DES), Kelly S., 
2006/12/22 (28pp) (.txt=68524) (was draft-kelly-saag-des-implications-06.txt)

...

The Data Encryption Standard (DES) is susceptible to brute-force attacks, which 
are well within the reach of a modestly financed adversary.  As a result, DES 
has been deprecated, and replaced by the
Advanced Encryption Standard (AES).  Nonetheless, many applications continue to 
rely on DES for security, and designers and implementers continue to support it 
in new applications.  While this is not always inappropriate, it frequently is. 
 This note discusses DES security implications in detail, so that designers and 
implementers have all the information they need to make judicious decisions 
regarding its use.

... snip ...

rfc 4772 summary
http://www.garlic.com/~lynn/rfcidx15.htm#4772
from http://www.garlic.com/~lynn/rfcietff.htm 

and in the rfc summery, clicking on the ".txt=" field retrieves the actual RFC.

note that there have been (at least) two countermeasures to DES brute-force 
attacks ...  one is 3DES ... and the other ... mandated for some ATM networks, 
has been DUKPT. while DUKPT doesn't change the difficulty of brute-force attack 
on single key ... it creates a derived unique key per transaction and bounds 
the life-time use of that key to relatively small window (typically 
significantly less than what even existing brute-force attacks would take). The 
attractiveness of doing such a brute-force attack is further limited because 
the typical transaction value is much less than the cost of typical brute-force 
attack.

... and a little extra in the same announcement:

4732 I
   Internet Denial-of-Service Considerations, Handley M., IAB, Rescorla E., 
2006/12/22 (38pp) (.txt=91844) (Refs 1058, 1075, 1112, 2349, 2385, 2439, 2827, 
2918, 3261, 3411, 3550, 3618, 3682, 3768, 4251, 4271, 4346, 4566, 4601) (was 
draft-iab-dos-05.txt)

....

This document provides an overview of possible avenues for denial-of-service 
(DoS) attack on Internet systems.  The aim is to encourage protocol designers 
and network engineers towards designs
that are more robust.  We discuss partial solutions that reduce the 
effectiveness of attacks, and how some solutions might inadvertently open up 
alternative vulnerabilities.

... snip ...

rfc 4732 summary
http://www.garlic.com/~lynn/rfcidx15.htm#4732

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to