Talk:Data Encryption Standard
Data Encryption Standard is a featured article, which means it has been identified as one of the best articles produced by the Wikipedia community. If you see a way this page can be updated or improved without compromising previous work, feel free to contribute.
This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.
Hardware speeds
I snipped this for now; chips that run at several Mb/s are no longer particularly impressive, crypto-wise, even for Triple DES.
- The DES algorithm lends itself to integrated circuit implementation. By 1984 the Bureau of Standards had certified over 35 LSI- and VLSI-chip implementations of the DES, most on single 40-pin chips, some of which operate at speeds of several million bits per second.
— Matt 13:27, 14 Jul 2004 (UTC)
- Matt, The certification program is itself significant if rather ineffectual given Moore's Law.
- Sure, I'll try and work in a mention of the certification program; giving details of specs is probably a bit redundant now, though, I'm guessing. — Matt 19:52, 14 Jul 2004 (UTC)
- On another point, I seem to recall that Feistel was not a formal member of the team led by Tuchman. Consulting from another project and all... This from my memory of an account by Tuchman.
- I took at least some of the names from a list given by Coppersmith (the "Coppersmith, 1994" reference) as people who'd been on the team developing crypto at IBM; I tried to word it to avoid any suggestion that it was the "DES design team", as, as you point out, it's not really clear whether, e.g. Feistel, was part. — Matt 19:52, 14 Jul 2004 (UTC)
- Great work on this, by the way. I think the infobox is a great idea for presenting the 'executive summary' information. Very nice. The chronology is superb also. But I predict there will be sniping from those parsimonious of words in articles. I've only a few wording nits that I'll get around to sometime. ww 19:02, 14 Jul 2004 (UTC)
- Thanks, glad you like it; can you think of any other "data field" that might be worth including on the InfoBox? Also, where do you think it might get too wordy? — Matt 19:52, 14 Jul 2004 (UTC)
- Matt, I'm not likely to be one of those complaining of too many words; I'm nearly always on the other end of such tussles. As for the infobox, the one thing that strikes me as worth adding (at least now) is an evaluation of status. Not merely such and such an attack has progressed thus and so far, but whether that attack makes the algorithm insecure against that attack and so insecure. One thing Joe User will find useful (even if the details escape) is that evaluation -- if I see this algorithm being claimed to be swell in some ad, I shouldn't take it seriously as the algorithm has been broken. ww 18:58, 19 Jul 2004 (UTC)
Why 56 bits
I just added a note making it a bit more explicit why 56 bits was an appropriate choice of key length, and not an attempt by the NSA to weaken the cipher. I'm a bit surprised all the material about differential cryptanalysis made it in without anyone explaining that it disproved the conspiracy theories. Metamatic 14:42, 21 Aug 2004 (UTC)
- Your note was:
In fact, 56 bits was exactly the minimum length of key required to ensure that cracking the key by brute force would always be tougher than using differential cryptanalysis. In other words, the NSA had made the key as long as it needed to be in order not to be the weakest link, but no longer.
- Hmm...well, I misread this at first, but it's not quite accurate: 1) The 56-bit key length did indeed prove to be the weakest link in the encryption. A brute force attack on the key remains the only practical way of breaking DES. 2) Out of the two original worries (S-box tampering and key-length shortening), there is evidence for vindicating the NSA on the S-box front, but it's still widely believed that they interfered with the key size. "NSA convinced IBM that a reduced key size was sufficient", and all that. 3) You're saying that the NSA chose 56 bits in order to make brute force search more expensive than differential cryptanalysis (complexity around about 2^47)? Despite being a strange design strategy (DC is a certificational weakness), do you have evidence that this was NSA's reasoning? — Matt 08:58, 22 Aug 2004 (UTC)
table
you can get rid of all those smalls with a style="font-size:85%" or something, can't you? - Omegatron 01:04, Mar 16, 2005 (UTC)
- Yes, you can, thanks for the tip! — Matt Crypto 12:38, 16 Mar 2005 (UTC)