时间破解DES？这是一个适合脚本小童的任务吗？ [英] Time to crack DES? Is it a task suitable for a script kiddie yet?

问题描述

已经了解AES是首选的加密方法，如果现有的使用DES的代码如果可能的威胁在脚本kiddies的水平上，则重写？ （例如，pkzip密码可以通过非计算机专业人员的免费实用程序破解，所以是这样的吗？）一个快速的google搜索似乎暗示，即使过时的DES仍然需要超级计算机和大量的时间 - ？

Already understanding that AES is the encryption method of choice, should existing code that uses DES be re-written if the likely threat is on the level of script kiddies? (e.g. pkzip passwords can be cracked with free utilities by non-computer professionals, so is DES like that?) A quick google search seems to imply that even deprecated DES still requires a super computer and large quantity of time--or have times changed?

特别是，此 CAPTCHA库使用DES加密在viewstate中发送给用户的质询字符串。

In particular, this CAPTCHA library uses DES to encrypt the challenge string which is sent to the user in viewstate.

推荐答案

对于存储敏感数据，DES是破碎的，所以我一定不会在任何新的，它用于任何用于长期存储任何感兴趣的信息的任何数据（有人将在偷窃中获得国家安全利益的数据）。

DES is broken so far as storing sensitive data, and so I would certainly not use it in anything new, and would replace it in anything used for long term storage of any information of interest (data that someone would have a profit for national security interest in stealing).

可以在几天（或更少）使用低于100,000美元的定制硬件的暴力破坏。

At the moment a DES message can be broken by brute force in a couple of days (or less) using under $100,000 worth of custom hardware.

但有一些关键因素：

硬件是 - 用于快速破解DES密钥的芯片不是在电脑中找到的通用处理器。据说现在可能有一个空间，使用一组Playstation 3或现代一代显卡与GPGPU在合理的时间内破解DES消息，也许将成本降低到15,000美元。

The hardware is custom - the chips used to quickly brute a DES key are not the general purpose processor you'd find in a PC. That being said there is probably room today for using a cluster of Playstation 3s or current generation graphics cards with a GPGPU to crack a DES message in a reasonable amount of time, perhaps bringing down the cost to maybe $15,000.

另一个因素是时间 - 一个DES消息可以在一天内破解，但如果您的CAPTCHA库有一个时间戳，指定任何给定的CAPTCHA响应30分钟的超时，它仍然是有效的（你可以扩展你的硬件，但是你说的是百万）。

The other factor is time - a DES message can be cracked in a day, but if your CAPTCHA library has a timestamp that specifies a 30 minute timeout for any given CAPTCHA response, it would still be effective (you could scale up your hardware, but then you're talking millions).

总的来说，对于非长期存储，DES仍然是安全的script kiddies。

Overall I'd say that for non-long term storage, DES is still secure against "script kiddies".

这篇关于时间破解DES？这是一个适合脚本小童的任务吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！