[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Notes from NIS&T Key Escrow Export conference.



>"If keys are escrowed, what purpose does a 64 bit limit serve?"

This question was asked, it seems like a zillion times, but
probably no more than four or five times.

It is a bit of a belt and suspenders idea. But it also shows how
scared they are about real encryption.

It is clear that this meeting is a shame. Everyone in industry
says it won't be marketable. The Govies say it will be great.
What they really want is to force weak crypto on the US by
forcing the vendors to make a weak product "for export" when
all the vendors say that they have to have _only one_ version.
If they have one version, and it is weak, we are safe from
drug dealers, pedophiles and terrorists.

(BTW, I'm used that phrase yesterday, so it should be in the Federal
register's offical record.)

>Secondarily, I observe that this apparently precludes the use of OTP.

No, they don't care about the cipher, only the key length,
But with a 64bit, GAK'd key, you can't say much without repeating
the P, and that makes it a TTP or a FTP (two time pad, or four time pad)
which isn't very useful.  You probably can gzip "attack at dawn" to
64 bits, but not much more.

Pat

Pat Farrell      grad student        http://www.isse.gmu.edu/students/pfarrellA
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request           #include standard.disclaimer
Z~v
:$