[67531] in Cypherpunks
Re: Can we kill single DES?
daemon@ATHENA.MIT.EDU (stewarts@ix.netcom.com)
Mon Oct 7 13:56:22 1996
From: stewarts@ix.netcom.com
Date: Mon, 07 Oct 1996 10:31:09 -0700
To: Declan McCullagh <declan@eff.org>
Original-From: Bill Stewart <stewarts@ix.netcom.com>
Cc: cypherpunks@toad.com
At 07:50 AM 10/6/96 -0700, Declan McCullagh <declan@eff.org> wrote:
>> >1. Is this a good idea? What will happen if DES becomes perceived
>> > as insecure?
>> That's Declan's department (and other non-clueless journalists - [...]
>This is the meme I've been trying to spread -- that 56-bit DES is *not*
>secure.
In particular, it's N>>20 years old, the NBS originally certified it for
five years, and kept recertifying it primarily because triple-DES was
too slow on the popular bank computers of the time (e.g. cash machines
and then PCs), and hardware implementations of 56-bit DES would need
to be replaced if the algorithm were decertified.
Public-key encryption was developed a few years after DES,
with a solid mathematical background that lets it remain secure today.
It's far more secure than DES but far slower, so it's only been practical
the last few years. Newer encryption technology which is several times
faster and much stronger than DES has been developed over the last decade.
>This cuts through all the rhetoric about differences between key
>recovery and key escrow, who's going to be in this industry alliance, etc.
"Key Recovery" is the latest sleazy meme from the Government.
The only difference from so-called "Key Escrow" is that it's deliberately
obscure about who gets to keep your master keys, while "Escrow" implies
that it's definitely somebody else besides you.
From the "Eternal Vigilance is Better than Hindsight" department,
we should have seen this coming and done a pre-emptive strike on the term.
One of the papers on Dorothy Denning's web site is a May 20, 1996
SUBJECT: Draft Paper, "Enabling Privacy, Commerce, Security and Public
Safety in the Global Information Infrastructure" from OMB, which
is one of the Clipper 3 announcements, and it uses the term "key recovery".
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
Imagine if three million people voted for somebody they _knew_,
and the politicians had to count them all.
