Abstract:- Despite recent improvements in analytic techniques for attacking the Data Encryption
Standard (DES), exhaustive key search remains the most practical and efficient attack. Key search is
becoming alarmingly practical. We show how to build an exhaustive DES key search machine for $1
million that can perform a known-plaintext attack in 3.5 hours on average. This machine contains 57600
special-purpose DES key search chips. The chip and the rest of the machine have been designed in detail
for the purpose of assessing the resistance of DES to an exhaustive attack; we have no plans to build the
machine. This design is based on mature technology to avoid making guesses about future capabilities.
With this approach, DES keys can be found one to two orders of magnitude faster than other recently
proposed designs.
The basic machine design can be adapted to attack the standard DES modes of operation for a small
penalty in running time. A $1 million machine would take 8 hours on average to find a key used in 1 -bit
CFB mode and 4 hours on average for any of ECB, CBC, 64-bit OFB, 64-bit CFB, or 8-bit CFB mode.
In the past, a concern about key search machines was that they would break down too frequently to
produce any useful results. This is not a problem with current technology. The expected failure rate of
the DES key search machine described here is one failure for every 270 keys found.
If it ever was true that attacking DES was only within the reach of large governments, it is clearly no
longer true. In light of this work, it would be prudent in many applications to use DES in a triple-
encryption mode.