8-Bit History: Defeating Lucifer

In today’s #WayBackWednesday, our 8-bit history lesson focuses on Lucifer. Lucifer was one of the first modern, civilian-developed cryptographic ciphers. The first variants were developed in 1971, and IBM submitted it as a candidate to become NIST’s recommended Data Encryption Standard (DES).

At the time, Lucifer could use one of three key sizes: 48, 64 and 128 bits. The version IBM submitted for DES had a 64-bit key. NIST accepted Lucifer as a candidate, but first worked with the U.S. National Security Agency (NSA) to reduce the key size to 56 bits and to harden it against differential analysis. It became the official DES standard in 1976. https://en.wikipedia.org/wiki/Lucifer_(cipher)

Some might ask: why a 56-bit key? A 56-bit key reduced the overall problem space that has to be searched to brute-force an encrypted message. It is claimed that this was strong enough to prevent *most* adversaries from successfully decrypting a message without the original key. https://en.wikipedia.org/wiki/56-bit_encryption

Brute force is not the only type of attack that can be made against an encrypted payload. Check out Alexander’s presentation from BSides Munich 2023: “Cracking the chaos ransomware family”. It is an excellent example of how a weakness in applied cryptography can lead to complete compromise. https://youtu.be/CQ0J_LViyrM?feature=shared

#BSidesMunich2024
BSidesMunich 8-Bit :: Forged by HI

