From: CSBVAX::MRGATE!AWALKER@RED.RUTGERS.EDU@SMTP 25-NOV-1987 03:00 To: EVERHART Subj: something of some interest, subject: breaking DES From: Jose Rodriguez Date: 13 Nov 1987 0917-EST (Friday) To: security@red.rutgers.edu Subject: something of some interest, subject: breaking DES ReSent-Date: 24 Nov 87 16:50:45 EST ReSent-From: *Hobbit* ReSent-To: Security: ; ReSent-Message-ID: <12353250327.28.AWALKER@RED.RUTGERS.EDU> ---------- Subject: Authentication protocols Date: Thu, 12 Nov 87 12:19:21 -0500 From: Craig Partridge Something to think about when using DES.... Date: 12 Nov 1987 11:11-EST From: Eric.Cooper@spice.cs.cmu.edu To: end2end-tf@venera.isi.edu Subject: RE: Breaking DES Here's Evi's response when I asked her a week or so ago: Date: Fri, 30 Oct 87 19:32:32 MST From: evi@boulder.Colorado.EDU (Evi Nemeth) To: Eric.Cooper@SPICE.CS.CMU.EDU Subject: Re: DES breakthroughs? the break is in the diffie hellman key exchange for des based on 127 bits. it was done quite a while ago, solving the discrete log problem for the field 2 ** 127 -1. the work was with ron mullin at the university of waterloo. the actual implementation of the algorithms was done on the denelcor hep supercomputer (since defunct) in 1984. there were several technical papers by mullin and by coppersmith at ibm yorktown on the method of attack. our paper on the implementation which includes a description of the algorithm but not the gory details, was in the proceedings of the international conference on parallel processing in the summer of 1984. i can send you a copy if you dont have access to the proceedings. the paper actually won the best paper award at that conference, no $$, but i got a plaque for my wall and denelcor sold a machine to nsa. the reason i mentioned it to van was that sun has now done two talks at meetings about their security on the network that is based on des using the diffie hellman key exchange in exactly the field that we broke. both times the talk was given by the programmer who is implementing it not the mathematician who decided what to be implemented. i pointed them again to the papers on it; hope a number theorist there actually reads them. evi