Keys to the Future They Ain't

23 June 1997, ZDNet

The news that the Data Encryption Standard was broken by a ragtag band of Netizens is mere confirmation that the aging government standard is virtually worthless as security for trade secrets, government secrets or personal information. The standard was designed to be broken by organizations with very large mainframe farms, organizations such as the National Security Agency, the spy operation that watches the world's data networks.

For several years, intelligence community sources have been telling me that DES takes only minutes to crack, at most, when tested by a large mainframe. That means the U.S. government has had access to virtually all the electronic data interchange taking place across our borders.

Contrary to the hidden message in the broken DES key, "Strong cryptography makes the world a safer place," the real agenda has been to provide strong enough scrambling to prevent all but the elite spy agencies from gaining access to secure data.

But take heart, there is still relative safety available to Internauts. Triple-DES, 1024-bit RSA and several other, less familiar standards are still basically secure. The 128-bit SSL encryption in U.S.-only browsers today can be cracked in a matter of years, and in a few years the time necessary to break through that security will be months or minutes.

The operative question with regard to cryptography is: "How much security do you want?" Obviously, a key cracked by a Pentium 90 isn't strong enough. So, you have to raise the budget of a would-be intruder beyond their means. They have to throw computing cycles at your encrypted messages and the more cycles necessary the higher the cost.

Want to keep most people out of your secrets until you are dead? I'd suggest using 1024-bit RSA, or Triple-DES. Want to keep a government or a major oil company or Microsoft Corp. out of your secrets until you are dead? That's probably not possible, even with the best crypto available today.

They have lots of supercomputers around to toss at the problem. The question you have to ask yourself: how much is my data worth?

Mitch Ratcliffe runs Internet/Media Strategies Inc., a business consulting firm in Tacoma, Wash. He can be reached at godsdog@ratcliffe.com.


