Robert Hettinga (rah@shipwright.com)
Tue, 21 Jul 1998 09:12:41 -0400
Rodney Thayer likes to say that when the really clueful people are *really*
yelling at you, you're usually right. :-).
So, one more shot at this, and then I'll quit pounding on it.
Let's look at another use of DES, shall we?
If someone offered to sell you *2*DES crypto, claiming it's secure, it
would be genuine snake oil, right? 2DES is an obviously broken cipher, and
we all know that.
Now, if someone tries to sell me single-iteration DES and says that it's
safe, they're selling me, for all intents and purposes, a broken cipher as
a secure one, as surely as if they tried to sell me 2DES. Snake oil, in
other words.
Okay, so it costs me just a little more to break DES than it would to break
2DES, but it's the same thing in terms of accounting materiality. The
concept of materiality in accounting is the equivalent of significant
digits in scientific notation: the cost of a 600-buck broken DES key ain't
much revenue variance on a decent corporate balance sheet, for instance.
Especially if that cost falls by half every 18 months.
After all, folks, snake oil is a *business* concept. They don't call it
"selling snake-oil" for nothing, right? I mean, nobody *gives* away snake
oil, they try to *sell* it.
And so, from a *business* standpoint, DES is now snake oil, pure and
simple. Any business which tries to assert, from now on, that their DES
code is safe from anything but kid-sister attacks is either ignorant,
delusional, or lying. And, since crypto is a fairly pessimistic business, I
assume the latter, especially since every cryptographer *I* know wouldn't
be caught dead selling new product with DES in it, and is probably now
scrambling to get rid of their old DES code before the market deluge comes.
Hell, if you want to be cynical about it, think of it as a marketing
opportunity. Whatever you do, don't use DES anymore, or even say that it's
safe to use, because it isn't, and now demonstrably so.
Obviously, DES, as a *component* of something which works, like 3DES, is
just fine. However, DES, sold by itself, like a lot of other very fine
cryptographic components if sold by themselves, is snake oil.
As far as preaching to the choir goes, given that the choir is yelling at
me, loudly, about theology and not science, it sounds to me like they could
stand a little preaching to. :-).
In addition, it's not just me who should be preaching. It's the
cryptographers on these lists who need to go forth and um, evangelize :-):
their clients, cryptographic enthusiasts, the press, and the rest of the
digital commerce community, about the evils of snake oil. *Especially* DES,
because it's so damn ubiquitous, and, in the ultimate perversion of the
government's constitutional defense function, precisely *because* Uncle Fed
likes it so much.
Now, because of Gilmore's efforts, we know for sure why he likes it so
much, and even if all of us knew that, conceptually, before.
DES is DED. Don't buy snake oil.
Hopefully, :-), that's all I'm going to say about this.
Cheers,
Bob Hettinga
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The Philodox Symposium on Digital Bearer Transaction Settlement
July 23-24, 1998: <http://www.philodox.com/symposiuminfo.html>