[6983] in Kerberos
Re: kerberos security
daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Tue Apr 2 16:33:20 1996
To: Mark Eichin <eichin@maneki-neko.cygnus.com>
Cc: kerberos@MIT.EDU
In-Reply-To: eichin's message of 02 Apr 1996 14:37:32 -0500.
<xe1ag0u76yr.fsf@maneki-neko.cygnus.com>
Date: Tue, 02 Apr 1996 16:12:57 -0500
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
-----BEGIN PGP SIGNED MESSAGE-----
content-type: text/plain; charset=us-ascii
Phil's write up is at http://www.qualcomm.com/people/pkarn/export/3des.html
The NSA reps at an X9 meeting several years ago allegedly "promised"
that 3DES would not be exportable; seems they're keeping that
promise...
The actual message to X9 was a masterwork of obfuscation.
Phil Karn references a copy at:
http://lcs.www.media.mit.edu/people/foner/Yenta/NSA-Pans-3DES-for-Banks.html
"We cannot vouch that any of the schemes for doubling the cryptovariable
length of DES truly squares the security."
"US export control policy does not allow for general export of DES
for encryption, let alone triple-DES."
In other words, according to the NSA, DES**3 is simultaneously too
weak, and too strong..
- Bill
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMWGYUlpj/0M1dMJ/AQFQkwP+J9fPwOdT7wZG03qmbOOMuMHckwxFi83O
ipkU690lsrmV5xrO23RwEIPXs5qmFUQ/L8QSH48ZyEXB39EJAkXOY8z2wSsPv+II
G1XX2NQB4IoNX1kZJtYMWFtf3RAgdutQxiCl7J8HWxGisoqBZ9pgnx2zYw7m4Yiw
ueHBTx6+UB0=
=rlFn
-----END PGP SIGNATURE-----
