[...]... such, there was no need for the microprocessors the “brains” of the computer—to interact with one another Each could be given tasks to perform independent of the others This, Hellman and Diffie responded, meant that the objection to the feasibility of a brute- force attack on the basis of design and control costs did not stand Data Encryption Standard 17 Another matter of concern was the reliability of the. .. on the cipher proposed as the data encryption standard (DES) NBS held two workshops in 1976 to deal with the objections raised by Hellman and Diffie These were working meetings where cryptographers from across the country would be able to discuss the thorny issues around the proposed data encryption standard face-to-face As part of their objections, Hellman and Diffie proposed the design of a special-purpose... the committee on Retail and Banking and the Financial Institution Wholesale Security Working Group—saw the adoption of DEA and established their own requirements to use the same Data Encryption Standard produced by the NBS effort In view of this activity, the American Bankers Association developed its own (voluntary) standard around the DES algorithm The Interna- Data Encryption Standard 21 tional Standards... evaluating the strength of the Lucifer algorithm After careful analysis, NSA proposed two significant changes The first was a change in the algorithm’s S-boxes S-boxes are the part of the algorithm that control how the data are permutated as they move from step to step along the process of being converted from the readable message to the encrypted result (or vice-versa), much like the rotors of Enigma The second,... an article in the November 1978 issue of IEEE Communications Society about the process of forming the Data Encryption Standard. 12 In it, she wrote that the workshops determined that DES was satisfactory as a cryptographic standard for the next ten to fifteen years Interestingly, she specifically observed that, the risks to data encrypted by the DES will come from sources other than brute- force attacks.”... a key If you then give the system to a group of attackers to unlock the system, they will probably set the lock to 1, pull it, moving on to 2 if it doesn’t work, and so on, until they unlock it The group can also try them all at random if they like Even if the group employs both strategies, the result will be the same in the long run If we record the number of attempts that it takes for the attackers... published its official standard in the Federal Information Processing Standard series, a group of regulations and standards that all of the agencies in the Federal government must follow At long last, FIPS 46, titled Data Encryption Standard, ” was released.11 A private, non-profit industry association, the American National Standards Institute (ANSI) had (and still has) a committee to handle the standardization... though finding those twenty—akin to brute- force decryption—would take dramatically more time than finding ten.) The difference in the cost of operation of a 128-bit system and a 56-bit system was negligible, but the payoff in terms of greater security was significant Finally, NBS argued that there simply was no way to tell for sure when the right key had been found in a brute- force search, even if someone took... a 56-bit key could not provide adequate security against a dedicated attacker They recommended devices that would support variable key lengths Allowing users to choose their own key lengths would allow them to decide for themselves whether the extra security of the larger keys was worth the extra time needed for the encryption and decryption processes NBS didn’t stop with consideration of DES -cracking. .. ultimately ignoring the warnings issued by the outsiders from Stanford and effectively declaring no need for a safety margin Whitfield Diffie and Martin Hellman documented their objections to the 56-bit key of the DES cryptographic algorithm in an article published in the June 1977 issue of IEEE Computer Their article, “Exhaustive Cryptanalysis of the NBS Data Encryption Standard, ” described a special-purpose machine . Cataloging-in-Publication Data Curtin, Matt. Brute force : Cracking the data encryption standard / Matt Curtin. p. cm. Includes bibliographical references and index. ISBN 0-3 8 7-2 010 9-2 (alk. paper) 1 together could rival the machine- building power of the government. This book is the story of how they proved the government was lying, twenty years after the lie, and by doing so, energized the. Peter Trei for suggesting the demonstration of a brute force attack on the Data Encryption Standard and to RSA for sponsoring the contest that at long last demonstrated the weakness of DES. I also