As I suppose others on the list have pointed out by now, he is just
plain wrong about DES.
DES is not computationally secure in this terminology. It is either
Conditionally Computationally Secure or Weak.
Bear
On Wed, 3 Jan 2001, John Young wrote:
>Last summer, at a workshop on "Security Metrics," conducted
>by NIST's Computer System Security and Privacy Advisory
>Board, Landgrave Smith, Institute of Defense Analysis, reported
>on a pilot study of "the metrics used for determining the
>strength of cryptography."
>
> http://csrc.nist.gov/csspab/june13-15/sec-metrics.html (the workshop)
>
> http://csrc.nist.gov/csspab/june13-15/Smith.pdf (Smith's presentation)
>
>Five catergories of algorithm strength were established for
>the pilot:
>
>Unconditionally Secure (US)
>Computationally Secure (CS)
>Conditionally Computationally Secure (CCS)
>Weak (W)
>Very Weak (VW)
>
>Smith stated: "A cipher is Unconditionally Secure (US)
>if no matter how much ciphertext is intercepted, there
>is not enough information in the ciphertext to
>determine the plaintext uniquely."
>
>No examples for this strength were given, and it was
>not clear from Smith's presentation whether there is
>such a cipher or the category was only provided
>as a theoretical premise.
>
>Question: is there a cipher that is Unconditionally
>Secure?
>
>Mr. Smith defined the other categories:
>
>[Quote]
>
>A cipher is Computationally Secure (CS) if it cannot
>be broken by systematic analysis with available
>resources in a short enough time to permit
>exploitation. Examples: DES and 3 DES.
>
>A cipher is Conditionally Computationally Secure
>(CCS) if the cipher could be implemented with keys
>that are not quite "long enough" or with not quite
>"enough" rounds to warrant a CS rating. Examples:
>SKIPJACK and RSA.
>
>A Weak (W) cipher can be broken by a brute force
>attack in an acceptable length of time with an
>"affordable" investment in cryptanalytic resources
>(24 hours and $200K). No examples.
>
>A Very Weak (VW) cipher is one that can be broken
>by determining the key systematically in a short
>period of time with a small investment (8 hours
>and $20K). No examples.
>
>[End quote]
>
>
>
>
>DES - CS
>3 DES - CS
>SKIPJACK - CCS
>RSA - CCS
>
>
>
>
>
