
Re: Thoughts on the NSA's correction to SHA



Forwarded message:
> 
> 
> >The very fact that this correction had to be made offers some
> >insights into the National Security Agency.
> >
> >I believe that releasing DES to the public was the biggest
> >cryptography mistake that NSA ever made.  Consider the state of
> >research in cryptology before DES.  It was simplistic.  It was
> >haphazard.  There was little interest.  If any results of value
> >were ever discovered, the NSA could squash them with a secrecy
> >order.  No one cared.
> >
> 
> There is one problem with this analysis: 
> 
>   IBM created DES. Not the NSA. Sure the NSA could have asked them to keep
>   it hidden, but the NSA was also going to IBM and warning them
>   about Russians eavesdropping on IBM's networks. Everyone realized it
>   was time for public cryptography. Especially IBM. It is not clear
>   that a secrecy order would have worked. 
> 
> This is not to say that your analysis is wrong. They classified the
> design procedures which was their attempt at a compromise. IBM couldn't
> publish the details of how to make a good algorithm, but they could
> release the details of the standard. 
> 
> 
> 

Well, yes, IBM did create DES.  But the NSA against its better judgment
blessed the effort, and by my guessing helped tremendously.  I have heard
rumors that NSA *does* say it was their biggest mistake, and never again.

There is no way I can prove a rumor, but I put a lot of credence in these
particular rumors.  I speculate that it was Bobby Inman who ordered NSA
to facilitate IBM.