[481] in cryptography@c2.net mail archive
Re: AS/400 crypto
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu Apr 3 13:45:37 1997
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: JeanPaul.Kroepfli@Utopia.EUnet.fr, cryptography@c2.net
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Thu, 3 Apr 1997 13:18:12 (NZST)
Jean-Paul Kroepfli <JeanPaul.Kroepfli@Utopia.EUnet.fr> wrote:
>David Ryan wrote:
>(My question was: do you know a crypto tool for IBM AS/400, for a bank)
>
>>IBM have software for CISC and RISC machines conforming to ANSI-X 3.92
>>Standard
>>
>>For Version 3, release 3 of CISC: IBM Part number - 5763-cr1
>>For Version 3, release 7 of RISC: IBM Part number - 5716-cr1
>>
>>Hardware wise there are two options (requiring a slot each)
>>128 bit Crypto processor #2620 - but illegal outside of USA/Canada, and
>>CDMF #2628 - which IBM describe as "data scrambling"
>
>So, are the two software products full crypto or american (export) one?
CDMF = Commercial Data Masking Facility, IBM's exportable DES variant (it uses
a 40-bit key which is expanded to a 56-bit key before use) - note that they
were honest enough to call "data masking" rather than "encryption". You can
recover a CDMF key in one day with $745 of FPGA hardware or in one hour for
$15K of hardware (mid '96 prices, these will be lower now). There's a longish
writeup on this sort of thing in the "Attacks on Session Keys" section of a
(currently unpublished) paper I'm working on at
http://www.cs.auckland.ac.nz/~pgut001/icommerce.zip (caveats: It's a zipped
Word for Windows document, and only a draft copy).
Peter.
