[7128] in cryptography@c2.net mail archive
Re: Critics blast Windows 2000's quiet use of DES instead of 3DES
daemon@ATHENA.MIT.EDU (L. Sassaman)
Thu May 18 16:01:36 2000
Date: Wed, 17 May 2000 23:52:01 -0700 (PDT)
From: "L. Sassaman" <rabbi@quickie.net>
To: Matt Blaze <mab@research.att.com>
Cc: Dennis Glatting <dennis.glatting@software-munitions.com>,
John Young <jya@pipeline.com>, John Gilmore <gnu@toad.com>,
cryptography@c2.net
In-Reply-To: <200005180433.AAA20796@fbi.crypto.com>
Message-ID: <Pine.LNX.4.21.QNWS_2.0005172344130.16244-100000@thetis.deor.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 18 May 2000, Matt Blaze wrote:
> > Who's PGP? Last I looked PGP Inc. was owned by Network Associates, a
> > key recovery alliance member.
> >
>
> Is the KRA still in business? They own kra.org, which according
> to whois appears to have been renewed last month, but http://www.kra.org
> seems to be neglected, returning a "403 Forbidden" error.
I have no idea if the KRA is still in business, and, as an employee of
NAI, I don't really care. It doesn't affect me.
Strong crypto is available. There is nothing that the NSA can do about
that. If they are smart, they have concentrated their efforts on breaking
RSA, Diffie-Hellman and ElGamal, 3DES, CAST5, and IDEA. (Not to mention
the AES candidates).
Circumvention of the security of commercial US products can only go so
far. To do their job, the NSA would need to break the fundamental security
of those products (the cryptographic algorithms themselves) and to date
there haven't been any significant compromises in the ones I have named
reported from the private sector. Is the NSA far ahead of the private
sector? That is speculation... but I have faith in our private
cryptanalysts to atleast identify potential problems.
- --Len.
__
L. Sassaman
System Administrator | "Everything must end;
Technology Consultant | meanwhile we must
icq.. 10735603 | amuse ourselves."
pgp.. finger://ns.quickie.net/rabbi | --Voltaire
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5I5MZPYrxsgmsCmoRAgVwAKD8X4vNVbabjqmX5zehXWaecVRFOACcDRfe
YbaACdckCn7IMCsUJUuduC4=
=lzmM
-----END PGP SIGNATURE-----
