DES - Max Fang's Notes

# Data Encryption Standard (DES) ## "The Legacy of DES" by [[Bruce Schneier]] https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html https://archive.is/v2k7i (see original for more history of DES and how the selection process worked) "The NSA’s changes caused outcry among the few who paid attention, both regarding the “invisible hand” of the NSA–the tweaks were not made public, and no rationale was given for the final design–and the short key length." But with the outcry came research. **It’s not an exaggeration to say that the publication of DES created the modern academic discipline of cryptography. The first academic cryptographers began their careers by trying to break DES, or at least trying to understand the NSA’s tweak.** And almost all of the encryption algorithms – public-key cryptography, in particular – can trace their roots back to DES. Papers analyzing different aspects of DES are still being published today. **By the mid-1990s, it became widely believed that the NSA was able to break DES by trying every possible key. This ability was demonstrated in 1998, when a $220,000 machine was built that could brute-force a DES key in a few days.** In 1985, the academic community proposed a DES variant with the same mathematics but a longer key, called triple-DES. This variant had been used in more secure applications in place of DES for years, but it was time for a new standard. In 1997, NIST solicited an algorithm to replace DES. So, how good is the NSA at cryptography? They’re certainly better than the academic world. They have more mathematicians working on the problems, they’ve been working on them longer, and they have access to everything published in the academic world, while they don’t have to make their own results public. But are they a year ahead of the state of the art? Five years? A decade? No one knows. ==It took the academic community two decades to figure out that the NSA “tweaks” actually improved the security of DES. This means that back in the ’70s, the National Security Agency was two decades ahead of the state of the art.==