MjDascombe's Journal: Slashdot Pricks vs. Cryptographic Key Space Entropy

Check out this thread. Scroll down and tell me if you can see a single post that isn't some jumped up kid making an uninformed comment about the keylength of DES.

You would have thought with a community as big as slashdot that atleast 1 person would take the trouble to look into the specifics of what he was posting before shouting his mouth off about something he knows nothing about. But I wouldnt hope for it - this is slashdot, afterall.

Keylength on it's own is irrelevant - You can't tell anything about a cryptographic system purely by the size of it's keyspace without making assumptions about the complexity and security of the underlieing algorythm.

Just using common sence, which is more secure, 56 bit DES or a 128 bit simple XOR? IDEA or a 2048 bit made up snake oil bollocks algorythm?

Admittadly, 56bit DES is now looking a bit dated, but the article did specify that it was a secured DES algorythm. How can you comment on security if you don't know how they've secured it. You can't you protencious pricks. 56 Bit DES for encryption would only be weak if they had used the same 64 bit block for each 8 bytes of data, making a known plaintext attack using the superblock of the filesystem or some other constant possible. But I somehow doubt they've used an 8 byte USB keyring, or they've been stupid enough to make that mistake.

But hey, lets play into your stupid little hands and say they did. A modern, 1Ghz PC can do about 100,000 DES encryptions a second, so lets say your one of these pricks who has more money than sence, and you've got a thousand PCs. And they're all uberl33t ownag3 p4 4Ghz because your daddy bought you the newest kit. That setup would get you around 400M DES/s. Lets round it upto 512M, so that its 2^29. Assuming you find the key in the fist sixteenth of the keyspace, because you're just that lucky, it'll still take you 2^25 seconds, which happens to be around (2^(25-6-6-5-8)), around a year.

So, yes, if you have the most recent software, and 2 million dollars worth of hardware from the future, then you could crack it in a year. If you find this answer suprising, it's probably because your the kind of Megahertz-owns, DES-is-lame, big-number-fanatical nerd that's ruining the scene for everyone who is informed, numerate, and bothers learning about something before mouthing off that 'DES [being crackable by someone with $2M in a year] is worse than a joke'

Doesnt sound like too much of a joke to me, prick.