From owner-freebsd-doc@FreeBSD.ORG Tue Mar 29 08:51:03 2005 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A8E016A4CE for ; Tue, 29 Mar 2005 08:51:03 +0000 (GMT) Received: from hutcs.cs.hut.fi (hutcs.cs.hut.fi [130.233.192.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id EAE3A43D2D for ; Tue, 29 Mar 2005 08:51:02 +0000 (GMT) (envelope-from kirma@cs.hut.fi) Received: from kirma (helo=localhost) by hutcs.cs.hut.fi with local-esmtp (Exim 4.30) id 1DGCRB-0002yu-Qs for doc@freebsd.org; Tue, 29 Mar 2005 11:51:01 +0300 Date: Tue, 29 Mar 2005 11:51:01 +0300 (EEST) From: Jari Kirma To: doc@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: bdes(1) maybe a bit out of date? X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Mar 2005 08:51:03 -0000 The following paragraph on bdes(1) manual page might give a wrong impression regarding the practical security of (one-time) DES encryption these days: "The DES is considered a very strong cryptosystem, and other than table lookup attacks, key search attacks, and Hellman's time-memory tradeoff (all of which are very expensive and time-consuming), no cryptanalytic methods for breaking the DES are known in the open literature. No doubt the choice of keys and key security are the most vulnerable aspect of bdes." Sure, DES is cryptographically reasonably strong, but 2^56 key space has been considered vulnerable to exhaustive key search for several years. Triple DES is safe, but it seems bdes doesn't implement it. Maybe the above paragraph should be toned down, or a warning should be added. -kirma