DES encryption with encrypt(3C)

[ShanklandJA]

Doug Gwyn writes:

	The Enigma multi-rotor cipher machine was broken by Allied
	cryptanalysts.  The one-rotor version of crypt(1) is far
	too vulnerable to entrust critical data to.

True.  I wrote that Enigma "served the Nazis so well during WWII"
entirely tongue in cheek, forgetting that neither tongue nor cheek
would make it onto the net.  My apologies.  It is still better
than no encryption at all, and reasonably cheap computationally.

	The modified DES of crypt(3C) is considerably safer, but
	even it is theoretically inadequate for the encryption of
	a large amount of data.  No one should rely on ANY of the
	standard UNIX encryption software to protect life or property.

I'm not qualified to discuss just how safe the DES algorithm is.
I would be interested in finding out what the methods of attack
on DES are, and what kinds of machine resources they require, as
well as what some of the alternative methods of encryption are.
My guess is that under most circumstances, DES is safe enough that
key security becomes the overriding safety issue:  i.e., it would
be easier to tap a phone line over which the key is transmitted or
bribe an employee than to break the code.

My original point, other than to point out the bug in encrypt(3C),
was that whether or not DES is "theoretically inadequate for the
encryption of a large amount of data," it may be *practically inadequate*
in that at 4-5 seconds of VAX 780 CPU time per kilobyte of data to
be encrypted or decrypted, it requires more computational muscle than
many of us can afford to flex.  Another way to look at it is that it
would take about 60% of the VAX's CPU just to keep up with a 1200 bps modem.

		-- Jim Shankland
		   ..!ihnp4!druxy!jas