This article is from the PGP FAQ, by Jeff Licquia firstname.lastname@example.org with numerous contributions by others.
A data encryption standard developed by IBM under the auspices of the
United States Government. It was criticized because the research that
went into the development of the standard remained classified.
Concerns were raised that there might be hidden trap doors in the
logic that would allow the government to break anyone's code if they
wanted to listen in. DES uses a 56-bit key to perform a series of
nonlinear transformations on a 64-bit data block. Even when it was
first introduced a number of years ago, it was criticized for not
having a long enough key. 56 bits just didn't put it far enough out of
reach of a brute force attack. Today, with the increasing speed of
hardware and its falling cost, it would be feasible to build a machine
that could crack a 56-bit key in under a day's time. It is not known
if such a machine has really been built, but the fact that it is
feasible tends to weaken the security of DES substantially.
I would like to thank Paul Leyland <email@example.com> for the following
information relating to the cost of building such a DES cracking
"Efficient DES Key Search"
At Crypto 93, Michael Wiener gave a paper with the above title. He
showed how a DES key search engine could be built for $1 million which
can do exhaustive search in 7 hours. Expected time to find a key from
a matching pair of 64-bit plaintext and 64-bit ciphertext is 3.5 hours.
So far as I can tell, the machine is scalable, which implies that a
$100M machine could find keys every couple of minutes or so.
The machine is fairly reliable: an error analysis implies that the mean
time between failure is about 270 keys.
The final sentence in the abstract is telling: In the light of this
work, it would be prudent in many applications to use DES in triple-
I only have portions of a virtually illegible FAX copy, so please don't
ask me for much more detail. A complete copy of the paper is being
snailed to me.
Paul C. Leyland <firstname.lastname@example.org>
Laszlo Baranyi <email@example.com> says that the full paper is available
in PostScript from:
(cpsr.org also makes it available via their Gopher service)
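The known-plaintext search and the cost scaling described above, as an added example that is not part of the FAQ or of Wiener's paper. It goes beyond the text by running the search against a toy 16-bit-key Feistel cipher, since a 56-bit sweep is out of reach for a script. All names and sample values are constructed, and the scaling assumes search speed grows linearly with budget.

```python
import hashlib

KEY_BITS = 16          # toy key size (assumption); DES itself uses 56 bits
SECRET = 0xBEEF        # constructed sample key
PLAIN = 0x01234567     # constructed known plaintext block (32 bits)

def _round(half, key, rnd):
    """Nonlinear round function for the toy cipher (not DES's)."""
    data = half.to_bytes(2, "big") + key.to_bytes(2, "big") + bytes([rnd])
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")

def toy_encrypt(block, key, rounds=4):
    """4-round Feistel network on a 32-bit block with a 16-bit key."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in range(rounds):
        left, right = right, left ^ _round(right, key, rnd)
    return (left << 16) | right

def key_search(plain, cipher):
    """Try every key in order against one known plaintext/ciphertext pair.
    Returns (key, trials), or (None, keyspace size) if nothing matches."""
    for key in range(1 << KEY_BITS):
        if toy_encrypt(plain, key) == cipher:
            return key, key + 1
    return None, 1 << KEY_BITS

def expected_hours(key_bits, budget_musd, sweep_56bit_hours=7.0):
    """Expected time to hit a key, scaled from the figure quoted above
    ($1M sweeps all 2^56 keys in 7 hours). Assumes speed grows linearly
    with budget and the key is found, on average, halfway through."""
    full_sweep = sweep_56bit_hours * 2.0 ** (key_bits - 56) / budget_musd
    return full_sweep / 2

if __name__ == "__main__":
    cipher = toy_encrypt(PLAIN, SECRET)
    key, trials = key_search(PLAIN, cipher)
    print(f"recovered key {key:#06x} after {trials} of {1 << KEY_BITS} trials")
    for budget in (1, 100):
        minutes = expected_hours(56, budget) * 60
        print(f"${budget}M, 56-bit key: {minutes:.1f} min expected")
    print(f"$1M, 57-bit key: {expected_hours(57, 1):.1f} h expected")
```

Each extra key bit doubles the sweep, so key length is the lever that puts a cipher back out of reach of this kind of machine.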