[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSA/NIST Security Lab

At 10:12 AM -0700 9/2/97, Ray Arachelian wrote:

>Uh huh, yeah, we'll be getting the NSA to review security...  Joy.  I can
>see it now.  "Single DES is very safe.  40 bit keys are more than
>enough..."  Even with Bruce on this, it doesn't warm my trust to them...

Now, Ray, you're being too harsh. When NSA/NIST sought the analysis of
Clipper/Tessera several years ago, the distinguished panel met for a
weekend in a D.C. area hotel and concluded...drum roll...that
Clipper/Tessera was secure.

Of course, Matt Blaze broke the Tessera version a few months later....

NSA has long had a dual mission. SIGINT and COMINT to break enemy messages,
and COMSEC to help ensure national security through strong crypto. Code
breakers and code makers.

For government uses, this has worked pretty well, most of us would agree.
ICBM launch codes are apparently secure, submarines can communicate
securely, etc. (Please don't chime in with anecdotes about Walker.)

Some believe they have a role in helping industry to secure its
communications. I don't agree. The NSA has no business getting involved in
business. Period.

NIST (formerly NBS, of course) may have a role, but I doubt even this.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."