[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can we kill single DES?



At 07:50 AM 10/6/96 -0700, Declan McCullagh <[email protected]> wrote:
>> >1. Is this a good idea? What will happen if DES becomes perceived
>> >    as insecure?
>> That's Declan's department (and other non-clueless journalists - [...]
>This is the meme I've been trying to spread -- that 56-bit DES is *not*
>secure. 

In particular, it's N>>20 years old, the NBS originally certified it for
five years, and kept recertifying it primarily because triple-DES was
too slow on the popular bank computers of the time (e.g. cash machines
and then PCs), and hardware implementations of 56-bit DES would need
to be replaced if the algorithm were decertified.  

Public-key encryption was developed a few years after DES,
with a solid mathematical background that lets it remain secure today.
It's far more secure than DES but far slower, so it's only been practical
the last few years.   Newer encryption technology which is several times 
faster and much stronger than DES has been developed over the last decade.

>This cuts through all the rhetoric about differences between key
>recovery and key escrow, who's going to be in this industry alliance, etc. 

"Key Recovery" is the latest sleazy meme from the Government.
The only difference from so-called "Key Escrow" is that it's deliberately
obscure about who gets to keep your master keys, while "Escrow" implies
that it's definitely somebody else besides you.

>From the "Eternal Vigilance is Better than Hindsight" department,
we should have seen this coming and done a pre-emptive strike on the term.
One of the papers on Dorothy Denning's web site is a May 20, 1996
SUBJECT: Draft Paper, "Enabling Privacy, Commerce, Security and Public
Safety in the Global Information Infrastructure" from OMB, which
is one of the Clipper 3 announcements, and it uses the term "key recovery".



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.