Date: Mon, 23 Jun 1997 20:47:23 +0200 From: Ollivier Robert <roberto@keltia.freenix.fr> To: hackers@FreeBSD.ORG Subject: Re: RSA5 Encryption Cracked.. Message-ID: <19970623204723.39016@keltia.freenix.fr> In-Reply-To: <Pine.LNX.3.91.970621172229.16392E-100000@zen.cypher.net>; from Ben Black on Sat, Jun 21, 1997 at 05:24:11PM -0400 References: <199706210835.OAA00684@hq.icb.chel.su> <Pine.LNX.3.91.970621172229.16392E-100000@zen.cypher.net>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Ben Black: > i think you mean differential cryptanalysis which under certain > circumstances can reduce the effective keyspace. it is not broadly > applicable and is rather constrained. 3DES (triple DES) will be an > actual gov't standard shortly. Anyway, DES is very immune to differential analysis. When it was designed, many people thought the NSA was installing a back door when they made IBM change the design of the S-Boxes. With the classic 16-round DES, you need 2**47 of chosen-plaintext... Years after, we learned that the NSA and IBM were aware of differential analysis 10 years before it was "discovered" by Shamir and that why DES was modified. All in one, DES is a very good cipher. Showing its age now but still good. > NSA is also releasing a new gov't encryption standard (i forget the name, > starts with A...AES?) I don't think it is coming from the NSA. NIST is writing a paper on what the next government approved cipher should be. I have the URL of the draft at work. It says it should accept key sizes of 128/128, 192/192 and 256/256 bits. See the discussion in sci.crypt. -- Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #20: Fri Jun 13 00:16:13 CEST 1997
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970623204723.39016>