Hacker News new | ask | show | jobs
by lifeguard 4717 days ago
Well, it is documented that the NSA made DES weaker by using less bits for key size (this makes brute forcing easier). I aslo noted that Schiener's AES submission was passed over (I speculate that Rijndael is easier to brute force).

The feds used to fight civilian crypto tooth and nail. Then they allowed it, and in one of the crypto books a story was related that the feds were bummed about RSA and friends. The listener questioned why, when surely their efforts were feeble compared to the government's. The response was the pace of development was much faster than expected.
3 comments
twoodfin 4716 days ago
The NSA, working with IBM, also made DES more resistent to differential cryptanalysis, which was not widely understood at the time.
link
gizmo686 4716 days ago
The change the NSA made was to replace the s-boxes used with ones that made using differential crypto analysis slightly less efficient than brute force. As it happens, the s-boxes provided by the NSA were also among the worst 9%-16% possible with respect to linear crypto analysis. "A software implementation of this attack recovered a DES key in 50 days using 12 HP9000/735 workstations" [1]. I do not know the specs of said workstations, but for reference the book claims that was the fastest attack at the time of writing (1996).

This is not to say that the NSA was aware of linear crypto analysis when they made their recomendation. Indeed the fact that their s-boxes also happened to be just good enough to beet differential, and the fact that an independent government investigation (the details of which are classified) cleared them of wrongdoing, are enough to convince that they did not intend to introduce a hole. Furthermore, the NSA has also now published the requirements they used to generate their s-boxes. Schneier suggests in his book that the s-boxes were weakened unintentionally by the act of introducing structure to them, without knowing to defend against linear analysis.

[1] Bruce Schneier, Applied Cryptography

link
jpdoctor 4716 days ago
> also made DES more resistent to differential cryptanalysis

Was that the result of the last-minute "black box" change? I never heard the result of that, so any light you shed would be welcome.

link
ReidZB 4716 days ago
Correct. The NSA suggested changes in the DES S-boxes, which led to many questions. Ultimately, what was discovered is that their changes strengthened DES, not weakened it, as some had feared.

You can read more about their involvement here: http://crypto.stackexchange.com/questions/16/how-were-the-de...

link
jpdoctor 4716 days ago
Very interesting, and not exactly news, which tells you the last time I looked at this. Obviously, I'm a dinosaur.

Thanks for the pointer.

link
barbs 4716 days ago
> The feds used to fight civilian crypto tooth and nail.

Curious. I'd like to read about this. Can anyone post any links?

link
IvyMike 4716 days ago
Read up on the Clipper chip: A chip which sort of being promoted to be the "official" way to do crypto in the US. Specifically designed to be decryptable by the NSA via "key escrow".

https://en.wikipedia.org/wiki/Clipper_chip

It died when Matt Blaze figured out a way to trick the clipper chip doing encryption that the NSA could NOT decrypt.

link
rozap 4716 days ago
" Then-Senators John Ashcroft and John Kerry were opponents of the Clipper chip proposal, arguing in favor of the individual's right to encrypt messages and export encryption software."

Wow. What happened?

link
Zelphyr 4716 days ago
Just do a search for Phil Zimmermann and what they did to him in the 90's for having the audacity to create PGP.
link
wlesieutre 4716 days ago
http://www.loundy.com/Roadside_T-Shirt.html is one example, there are probably others. It ended up going in a sane direction, but it's a bit crazy to imagine in hindsight.
link
IvyMike 4716 days ago
More illegal crypto T-Shirts: http://www.cypherspace.org/adam/uk-shirt.html

This was one of my favorite shirts, but it finally gave up the ghost a few years ago.

link
pyre 4716 days ago
Many developers that worked on crypto would cross the border into Canada to meet up and work on crypto to get around the export restrictions (crypto software was classified as a weapon; exporting it could get you the same punishment as exporting a missile).
link
hvs 4716 days ago
Read "Crypto: how the code rebels beat the government, saving privacy in the digital age" by Steven Levy. He outlines the whole story of public crypto until about 2000. Good read, too.
link
santosha 4716 days ago
'I speculate that Rijndael is easier to brute force' On what basis?
link
ReidZB 4716 days ago
Well, I guess Rijndael is "easier" to brute force in that it's faster than Twofish. But "easier" to brute force doesn't mean a whole lot; AES-192 is easier to brute force than AES-256, but both are so outside the realm of current-day computation than it doesn't really matter.
link
jasonm23 4716 days ago
Just as a matter of interest, re: the new bitcoin boxes like the butterfly http://arstechnica.com/gadgets/2013/06/how-a-total-n00b-mine...

Do these put a different slant on the whole "current-day computation" angle? Not necessarily these machines, but isn't it feasible that custom hardware could be manufactured using current tech, that upsets the notion of AES brute force feasibility?

Edit:

No. https://bitcointalk.org/index.php?topic=121264.0

link