[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DES Vulnerable, Why?
>Back in 1986-7 there was a major effort to have DES replaced with a
>new encryption standard. I don't recall the name for the program, but
>it had the support of several chip companies (Intel, AMD, etc.) and
>was, I seem to recall, mentioned prominently in the National Computer
>Security Act of 1987.
The Commercial COMSEC Endorsement Program (CCEP). It had two phases,
for type I (classified) and type II (unclassified). The first phase
stalled rather badly, although eventually gives us STU-IIIs and KG-84
knockoffs. As late as 1987 NIST was predicting that the type II
phase wouldn't arrive until 1990. The Clipper chips from Mykotronx
were intended to be part of the type II effort (as can be seen from
the original MYK-78 chip spec and marketing brochures from Mykotronx).
The problem with the type I phase was the duration it took to go from
product proposal approval to prototype completion was a minimum of
32 months. These delays are caused by manpower and support restrictions
residing in the National Security Agency, partly due to bureaucrary.
Theoretically these roadblocks aren't in place for the unclassified
effort managed by NIST. We do see that FIPS PUB 140-1 was only issued
this past January. One wonders in the type II effort has been stalled
purely for bureaucratic reasons.
Clipper/Capstone are actually part of the program.