From owner-freebsd-hackers  Mon Jun 23 12:24:52 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA24166
          for hackers-outgoing; Mon, 23 Jun 1997 12:24:52 -0700 (PDT)
Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.fr [193.56.58.253])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA24155
          for <hackers@FreeBSD.ORG>; Mon, 23 Jun 1997 12:24:48 -0700 (PDT)
Received: from brasil.brainstorm.eu.org (brasil.brainstorm.fr [193.56.58.33])
          by mexico.brainstorm.eu.org (8.8.4/8.8.4) with ESMTP
	  id VAA28983 for <hackers@FreeBSD.ORG>; Mon, 23 Jun 1997 21:24:43 +0200
Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.8.4/8.6.12) with UUCP id VAA32127 for hackers@FreeBSD.ORG; Mon, 23 Jun 1997 21:24:34 +0200
Received: (from roberto@localhost) by keltia.freenix.fr (8.8.6/keltia-uucp-2.9) id UAA01139;
          Mon, 23 Jun 1997 20:47:23 +0200 (CEST)
Message-ID: <19970623204723.39016@keltia.freenix.fr>
Date: Mon, 23 Jun 1997 20:47:23 +0200
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: hackers@FreeBSD.ORG
Subject: Re: RSA5 Encryption Cracked..
References: <199706210835.OAA00684@hq.icb.chel.su> <Pine.LNX.3.91.970621172229.16392E-100000@zen.cypher.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.76
In-Reply-To: <Pine.LNX.3.91.970621172229.16392E-100000@zen.cypher.net>; from Ben Black on Sat, Jun 21, 1997 at 05:24:11PM -0400
X-Operating-System: FreeBSD 3.0-CURRENT ctm#3392 AMD-K6 MMX @ 208 MHz
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

According to Ben Black:
> i think you mean differential cryptanalysis which under certain 
> circumstances can reduce the effective keyspace.  it is not broadly 
> applicable and is rather constrained.  3DES (triple DES) will be an 
> actual gov't standard shortly.

Anyway, DES is very immune to differential analysis. When it was designed,
many people thought the NSA was installing a back door when they made IBM
change the design of the S-Boxes. With the classic 16-round DES, you need
2**47 of chosen-plaintext...

Years after, we learned that the NSA and IBM were aware of differential
analysis 10 years before it was "discovered" by Shamir and
that why DES was modified.

All in one, DES is a very good cipher. Showing its age now but still good.

> NSA is also releasing a new gov't encryption standard (i forget the name, 
> starts with A...AES?)

I don't think it is coming from the NSA. NIST is writing a paper on what
the next government approved cipher should be. I have the URL of the draft
at work. It says it should accept key sizes of 128/128, 192/192 and 256/256
bits.

See the discussion in sci.crypt.
-- 
Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #20: Fri Jun 13 00:16:13 CEST 1997