Security Implications of Using the Data Encryption Standard (DES)
Author(s):
S. Kelly
RFC 4772 DES Security Implications December 2006
It is very important to clearly recognize the implications of this:
botnets are cheap, and there are lots of PCs out there. You don't
need the $15,625 that we speculated would be enough to build a copy
of the EFF system today -- you only need a commodity PC on which to
develop the malware, and the requisite skills. Or, you need access
to someone with those things, and a relatively modest sum of cash.
The game has changed dramatically.
8. Why is DES Still Used?
Obviously, DES is not secure by most measures -- why is it still used
today? There are probably many reasons, but here are perhaps the
most common:
o Backward compatibility - Numerous deployed systems support DES,
and rather than replace those systems, new systems are implemented
with compatibility in mind.
o Performance - Many early VPN clients provided DES as the default
cryptographic algorithm, because PCs of the day suffered a
noticeable performance hit when applying stronger cryptography
(e.g., 3DES).
o Ignorance - People simply do not understand that DES is no longer
secure for most uses.
While there are probably other reasons, these are the most frequently
cited.
Performance arguments are easily dispensed with today. PCs have more
than ample power to implement stronger cryptography with no
noticeable performance impact, and for systems that are resource
constrained, there are strong algorithms that are far better
performers than DES (e.g., AES-128). And while backward
compatibility is sometimes a valid argument, this must be weighed
carefully. At the point where the risk is higher than the cost of
replacement, legacy systems should be abandoned.
With respect to the third reason (ignorance), this note attempts to
address this, and we should continue to make every effort to get the
word out. DES is no longer secure for most uses, and it requires
significant security expertise to evaluate the small number of
cases in which it might be acceptable. Technologies exist that put
DES-cracking capability within reach of a modestly financed or
modestly skilled motivated attacker. There are stronger, cheaper,
faster encryption algorithms available. It is time to move on.
Kelly Informational [Page 19]