(Original Review, 1981)

In the late 60's, IBM started a research project on ciphers that has produced a lot of good literature and several important cryptosystems. The effort concentrated on a family of ciphers that lent itself to high-speed implementation in hardware (one can imagine the fun second source memory manufacturers will have when the Series H uses an encryption protected fiber optic bus). In January 1976, one of these systems was adopted by the National Bureau of Standards (NBS) as the federal Data Encryption Standard (DES) on sensitive but unclassified data. Cryptanalysis by Whit Diffie, Martin E. Hellman, and others has not found an algorithmic attack any better than a 50% computational savings over an exhaustive search of the keyspace. Unfortunately, the key is only 56 bits, and Diffie and Hellman have calculated that for only 20 megabucks, a computer could build around a million LSI chips each testing a key per microsecond. This system could search the entire key-space in approximately a day, at an average cost of $5,000. This was calculated in 1977, and needless to say it would be much cheaper today, not to mention in the future.

There have been some fairly believable allegations that the National Security Agency (NSA, or No Such Agency), which is responsible for foreign communications intelligence and code-breaking, brought pressure to bear so that the key would be small enough for them to search in the eventuality a foreign power were to use the DES. On the other hand, this indicates that the NSA was not able to cryptanalyticly crack DES, and that those desiring really secure communications can merely use a larger key. Both Diffie and Hellman, and IBM have suggested that multiple encipherment could also improve the security of DES, but it is pretty obvious that its preferable to improve the
standard.

Fortunately, between the IBM research, and the recent public key cryptosystems by Diffie and Hellman, and Ron Rivest, enough technology exists so that anyone desiring to create a secure system should be able to do so. Supposedly, one could, for $100 zillion dollars, build a 'sooper' computer that could decode any encrypted message in about a day. An American friend of mine pointed out that, if one was worried about security, one could run the message through the encoder 'n' times, to give it 64*n bits of encryption. That seemed reasonable to me, as I haven't got the math background to prove/disprove it. And remember that the NBS DES was designed to give reasonable amounts of protection to very large amounts of data, so it had to be FAST, rather than SECURE. One time (bit) pads are the ultimate in security, but require both the sender and the receiver to have the pads before a message can be sent. . . If you want to break security on a time sharing system, do systat to find out who's logged in, then try to log in as them, using a) null passwords, b) all 1&2 letter combinations, c) common female first names, d) English (or Portuguese depending on the system’s origin) words. Several years ago, someone used the word dictionary, the encryption algorithm, and the encrypted password file to break 70% of the accounts on a Unix system.

PS 1. For more information about modern cryptography techniques see: Diffie, W. and M. Hellman, "Privacy and Authentication: An Introduction to Cryptography", Proc. of the IEEE, vol. 67, no. 3, pp. 397-427, March 1979. This paper is a tutorial introduction to modern cryptography and contains one of the best bibliographies of work in this field. If you can’t get the paper, read this Konheim’s primer. It’s pretty good. ( )