
I am taking cryptography classes and learned that the key size of DES is 64 bits. So if the key is an array of alphabetic chars, and 1 char takes 8 bits, then 64/8 = 8. So the key can be only 8 chars long at maximum. Example: aaaaaaaa or acacacac

But when I used openssl to encrypt data using DES, it accepts keys more than 8 chars long.

    root@io:~# openssl enc -des -in data -out data.enc
    enter des-cbc encryption password: aseaxsasceaceasxaeaxsaceac
    Verifying - enter des-cbc encryption password:aseaxsasceaceasxaeaxsaceac
    root@io:~# openssl enc -d -des -in data.enc -out data.plain
    enter des-cbc decryption password:aseaxsasceaceasxaeaxsaceac

And it accepts even longer keys than I posted here.

1) So my question is: what does the key size (64 bit) in DES mean? What point am I missing? And
2) If the key can really be just 64 bits long, then how much time does it take to crack a 64-bit key if the plaintext and ciphertext are known?

  • Hi, please check with Cryptography Stack Exchange for this question. If you can't find the answer there, please post your question there. crypto.stackexchange.com Commented Nov 7, 2016 at 8:09
  • I think you need to read the manual for openssl. The password is not the key. The key is derived from the password. Commented Nov 7, 2016 at 8:14
  • Seems like I don't have patience and got an answer from the IRC. Commented Nov 7, 2016 at 8:40

1 Answer


First, just to get this out of the way: the key size of DES is not 64 bits in any meaningful sense; only 56 bits are actually used in the encryption or decryption (see Wikipedia). The other 8 bits are for parity (error checking). In practice, they are usually ignored.


The openssl utility's enc operation (or, simply, the enc command itself) expects a passphrase, not a key (unless you use the -K option). The passphrase is turned into a key (of the appropriate length) using a key derivation function. This happens internally; you the user don't really control the process.


Breaking DES is actually pretty easy, due to its 56-bit key length being short enough to brute-force search (trying every key until one works). Modern personal computers will still take months (possibly only weeks for the fastest) in a typical-case scenario. However, dedicated hardware designed for the purpose, or a distributed network of computers, can break a DES key in under a day. Bear in mind that those machines are now a few years old, and Moore's Law is extremely applicable to this kind of brute-force operation; what took tens of thousands of dollars and a day of work eight years ago would today take under a thousand dollars to build, or only a few hours per key.

  • The password mechanism is EVP_BytesToKey with a single iteration of a hash function. Brute-forcing the password would probably be easier (although a 64 bit salt makes rainbow table attacks infeasible). Commented Nov 9, 2016 at 9:59
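The derivation that the answer and the comment above describe, as an added example that is not part of the original posts or OpenSSL's own code: it shows how a passphrase of any length becomes an 8-byte DES key and 8-byte IV, and why only 56 of the key's 64 bits matter. The MD5 default is an assumption (it matches `openssl enc` before OpenSSL 1.1.0; pass `digest="sha256"` for later versions), and the salt and file bytes are constructed sample values.

```python
import hashlib

def evp_bytes_to_key(passphrase: bytes, salt: bytes, key_len: int = 8,
                     iv_len: int = 8, digest: str = "md5"):
    """EVP_BytesToKey with an iteration count of 1.

    D_1 = H(pass || salt), D_i = H(D_{i-1} || pass || salt); the blocks are
    concatenated and cut into key, then IV. DES needs 8 + 8 bytes.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def parse_salted_header(blob: bytes):
    """Split the 'Salted__' + 8-byte salt header written by openssl enc from the ciphertext."""
    if len(blob) < 16 or blob[:8] != b"Salted__":
        raise ValueError("not a salted openssl enc file")
    return blob[8:16], blob[16:]

def effective_des_key(key: bytes) -> int:
    """Drop the low (parity) bit of each key byte: 64 stored bits -> 56 used bits."""
    if len(key) != 8:
        raise ValueError("DES keys are 8 bytes")
    value = 0
    for byte in key:
        value = (value << 7) | (byte >> 1)
    return value

def demo():
    passphrase = b"aseaxsasceaceasxaeaxsaceac"  # passphrase typed in the question
    salt = bytes.fromhex("0102030405060708")    # constructed sample salt
    blob = b"Salted__" + salt + b"\x00" * 8     # constructed file: header + dummy block
    file_salt, _ = parse_salted_header(blob)
    key, iv = evp_bytes_to_key(passphrase, file_salt)
    # However long the passphrase is, the cipher only ever sees 56 key bits.
    return key, iv, effective_des_key(key).bit_length() <= 56

if __name__ == "__main__":
    key, iv, _ = demo()
    print("key =", key.hex(), "iv =", iv.hex())
```

Two derived keys that differ only in their parity bits map to the same `effective_des_key` value, which is why the search space is 2^56 rather than 2^64.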
