Security Implications of Using the Data Encryption Standard (DES)
RFC 4772

Document type: RFC - Informational (December 2006; No errata)
Was draft-kelly-saag-des-implications (individual in sec area)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4772 (Informational)
Responsible AD: Russ Housley
Send notices to: scott@hyperthought.com

Network Working Group                                           S. Kelly
Request for Comments: 4772                                Aruba Networks
Category: Informational                                    December 2006

   Security Implications of Using the Data Encryption Standard (DES)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2006).

Abstract

   The Data Encryption Standard (DES) is susceptible to brute-force
   attacks, which are well within the reach of a modestly financed
   adversary.  As a result, DES has been deprecated, and replaced by the
   Advanced Encryption Standard (AES).  Nonetheless, many applications
   continue to rely on DES for security, and designers and implementers
   continue to support it in new applications.  While this is not always
   inappropriate, it frequently is.  This note discusses DES security
   implications in detail, so that designers and implementers have all
   the information they need to make judicious decisions regarding its
   use.

Kelly                        Informational                      [Page 1]
RFC 4772               DES Security Implications           December 2006

Table of Contents

   1. Introduction ....................................................3
      1.1. Executive Summary of Findings and Recommendations ..........4
           1.1.1. Recommendation Summary ..............................4
   2. Why Use Encryption? .............................................5
   3. Real-World Applications and Threats .............................6
   4. Attacking DES ...................................................8
      4.1. Brute-Force Attacks ........................................9
           4.1.1. Parallel and Distributed Attacks ...................10
      4.2. Cryptanalytic Attacks .....................................10
      4.3. Practical Considerations ..................................12
   5. The EFF DES Cracker ............................................12
   6. Other DES-Cracking Projects ....................................13
   7. Building a DES Cracker Today ...................................14
      7.1. FPGAs .....................................................15
      7.2. ASICs .....................................................16
      7.3. Distributed PCs ...........................................16
           7.3.1. Willing Participants ...............................17
           7.3.2. Spyware and Viruses and Botnets (oh my!) ...........18
   8. Why is DES Still Used? .........................................19
   9. Security Considerations ........................................20
   10. Acknowledgements ..............................................21
   Appendix A.  What About 3DES? .....................................22
      A.1. Brute-Force Attacks on 3DES ...............................22
      A.2. Cryptanalytic Attacks Against 3DES ........................23
           A.2.1. Meet-In-The-Middle (MITM) Attacks ..................23
           A.2.2. Related Key Attacks ................................24
      A.3. 3DES Block Size ...........................................25
   Informative References ............................................25

1.  Introduction

   The Data Encryption Standard [DES] is the first encryption algorithm
   approved by the U.S. government for public disclosure.  Brute-force
   attacks became a subject of speculation immediately following the
   algorithm's release into the public sphere, and a number of
   researchers published discussions of attack feasibility and explicit
   brute-force attack methodologies, beginning with [DH77].

   In the early to mid 1990s, numerous additional papers appeared,
   including Wiener's "Efficient DES Key Search" [WIEN94], and "Minimal
   Key Lengths for Symmetric Ciphers to Provide Adequate Commercial
   Security" [BLAZ96].  While these and various other papers discussed
   the theoretical aspects of DES-cracking machinery, none described a
   specific implementation of such a machine.  In 1998, the Electronic
   Frontier Foundation (EFF) went much further, actually building a
   device and freely publishing the implementation details for public
   review [EFF98].

   Despite the fact that the EFF clearly demonstrated that DES could be
   brute-forced in an average of about 4.5 days with an investment of
   less than $250,000 in 1998, many continue to rely on this algorithm
