[7323] in Kerberos
Re: US Export Restrictions
daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Tue May 21 13:47:01 1996
To: joek@CyberSafe.com (Joe Kovara)
Cc: kerberos@MIT.EDU
In-Reply-To: joek's message of Tue, 21 May 1996 00:52:38 +0000.
<4nr440$bpa@kerby.ocsg.com>
Date: Tue, 21 May 1996 13:33:15 -0400
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
-----BEGIN PGP SIGNED MESSAGE-----
content-type: text/plain; charset=us-ascii
Yes for DES if the key has 40-bit effective strength.
IBM's CDMF has this attribute: it is a 56-bit key that's been
munged down to 40-bit strength (the munging involves more than
simply masking key bits). No for DES otherwise.
Let's cut the crap.
DES has a fixed-length 56-bit key. If all 56 bits of the key aren't
independantly chooseable, you're not really using DES.
CDMF and similar forms of "expurgated DES" contain DES, but aren't
DES.
Anyone describing the strength of CDMF as similar to that of DES is
engaged in creative marketing, as CDMF is roughly 2**15 times weaker
than DES.
- Bill
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMaH+Ulpj/0M1dMJ/AQE3TwP+Ja6gIUgYerBN4Gr1/S6kSW29VSCVtw4V
SC/bYfrGgR8/CzEGrpG3Pfs4LQdvPhU2nLsPFxCi17Y6V+8/bVLxJff1gZD5ya3H
VRMdZNxqKLrm4wv9hTuiSA8szA42O+e0k//fFxbrraJSet0ZfpJ+M+OA859dloOe
kpQ9mrShab4=
=Ti2j
-----END PGP SIGNATURE-----
