[ previous ] [ next ] [ threads ]
 
 From:  Ryan Giobbi <rgiobbi at zoominternet dot net>
 To:  Peter Curran <peter at closeconsultants dot com>
 Cc:  Manuel Kasper <mk at neon1 dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] recommended wireless?
 Date:  Tue, 06 Jul 2004 13:25:05 -0400
http://en.wikipedia.org/wiki/DES#Vulnerabilities

"...a corporation willing to spend 10 million dollars to build a similar 
device today might break DES dozens if not hundreds of times per hour."

I do not know of any more examples other than the few listed in the 
article in 1999.



Peter Curran wrote:

>I think that there are 2 different issues here.
>
>1.  PBKDF1 (and similar) algorithms (such as the one used by Kerberos - ISTR 
>this is a different way of doing the same thing) are really designed at 
>producing a good quality key with minimal entropy.  The idea being that a 
>simple brute-force attack on the whole key space is not 'short-cuttable'.  
>Whilst they may be successful in achieving that objective, they will not help 
>if the user selecting the password chooses a weak example, such as a 
>dictionary word, car registration number or similar.  (I know that you made 
>the caveat about 'usual precautions', but the reality is that these are 
>broadly ignored/unenforceable).
>
>2.  56 bit DES tends to be dismissed as 'too weak'.   Well, I don't know if 
>you have any knowledge of anybody ever having any DES-encrypted data 
>compromised by a brute force attack - I certainly don't.  [password guessing, 
>on the other hand, is sadly familiar].  As you say, a couple of PC's are not 
>going to help much when it comes to attempting a brute-force attack on a 
>56-bit DES encryption.  I think it is a shame that it has become received 
>wisdom that anything with a key length < 128 bits is bad.  For your average 
>man in the street, 56-bit DES is perfectly adequate and likely to remain so 
>for a few years yet.  (I had this problem a few days ago when trying to 
>explain to a company that using plain DES to support Windows/UNIX integration 
>using Kerberos was OK).  They just did not accept it!  Why, because they had 
>seen a TV programme where some pundit had explained that <128-bit == BAD 
>CRYPTO!
>
>Peter
>
>On Tuesday 06 July 2004 15:49, Manuel Kasper wrote:
>  
>
>>On 06.07.2004 15:25 +0100, Peter Curran wrote:
>>    
>>
>>>I think encyrption is intriguing as a solution to the
>>>confidentiality issues,  but as they are using DES on the Netgear
>>>stuff I assume that you have to  pre-configure all the devices with
>>>a shared key.  As this tends to be derived  from a passord it could
>>>be relatively easy to attack.
>>>      
>>>
>>I did a little analysis of HomePlug powerline networking about a year
>>ago. The password hashing is done as per PBKDF1 - it involves using
>>MD5 1000 times, so with the usual password precautions in place, the
>>resulting 56-bit DES key should be good. Also, provided that the
>>implementation in HomePlug doesn't suffer from similar flaws as WEP,
>>56-bit encryption is IMHO enough for home users. I mean, it's not
>>like you can brute-force-search a 56-bit key in a useful amount of
>>time with only a few PCs at hand...
>>
>>- Manuel
>>    
>>
>
>
>  
>