Vulnerabilities
There is a lot of information published on the cryptanalysis of the DES,
but in conclusion the brute force attack ends being the most practical
and efficient attack. There are also three possible theoretical attacks
that are supposed to have a lesser complexity than the brute force attack,
but consist on finding an endless number of texts that might be the solution.
That seems impractical, so no one uses them.
1- Brute Force Attack
Brute Force is the most simple and practical way to break a cipher. It
consists in trying every key combination possible until the right one is found.
Having the right key you can then break the cipher and read what was ciphered.
The number of possibilities is determined by the keys size in bits, since DES
only has a 64 bit key, the number of combinations is rather small and a personal
computer can break it in a few days. This was the main reason why DES lost its
credibility and began not to be used.
2- Attacks faster than Brute Force Attack
None of this kind of attacks are feasible to use in practise, but
they show that in theory the algorithm has some glitches that by now they might
not be a problem, but on the future with the increasing power of the machines
they might become a serious concern.
2.1- Differential cryptanalysis (DC)
Rediscovered by Adi Shamir and Eli Biham back in the 80's, that
claimed that in order to break all the 16 rounds of the DES there were
required 2^49 chosen texts. Since DES was designed to be DC resistant this
was for sure a glitch that could make a faster attack, because the possibilities
are not infinite like in brute force, but still it might be as bad, because the attacker
needs to be lucky to find a suitable text not beyond the 2^49 attempt.
2.2- Linear cryptanalysis (LC)
In 1993 Mitsuru Matsui discovered that using his method there were "only" needed 2^43
Known plaintexts. This was the first reported experimental LC to DES, and although it's
only theoretical it shows once again that DES is breakable specially taking into account that
DES was not designed to deal with this kind of attack.
Still, there are a lot of texts to test, might not be as practical as brute force.
2.3- Davies Attack(DA)
Davies attack was first suggested by Donald Davies in the 80's and was a specialized
attack that only applies to DES. The LC and DC are general attacks suitable for a lot more
algorithms. Davies said that to break the DES it is required 2^50 Known plaintexts with
a success rate of 51%.