From owner-freebsd-hackers Mon Jun 23 19:37:43 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id TAA15726 for hackers-outgoing; Mon, 23 Jun 1997 19:37:43 -0700 (PDT)
Received: from cypher.net (black@zen.pratt.edu [205.232.115.155]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA15695 for ; Mon, 23 Jun 1997 19:37:33 -0700 (PDT)
Received: (from black@localhost) by cypher.net (8.8.5/8.7.1) id WAA03687; Mon, 23 Jun 1997 22:38:07 -0400
Date: Mon, 23 Jun 1997 22:38:03 -0400 (EDT)
From: Ben Black
To: Ollivier Robert
cc: hackers@FreeBSD.ORG
Subject: Re: RSA5 Encryption Cracked..
In-Reply-To: <19970623204723.39016@keltia.freenix.fr>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

"very immune"? it isn't immune, it is resistant. yes, NSA was aware of differential cryptanalysis when the cipher was designed, but they couldn't eliminate the problem, just reduce it. and that's what they did.

as for NIST writing the paper, they are. after all, they are the standards arm of the government. but the algorithm is from NSA.

On Mon, 23 Jun 1997, Ollivier Robert wrote:

> According to Ben Black:
> > i think you mean differential cryptanalysis which under certain
> > circumstances can reduce the effective keyspace. it is not broadly
> > applicable and is rather constrained. 3DES (triple DES) will be an
> > actual gov't standard shortly.
>
> Anyway, DES is very immune to differential analysis. When it was designed,
> many people thought the NSA was installing a back door when they made IBM
> change the design of the S-Boxes. With the classic 16-round DES, you need
> 2**47 of chosen-plaintext...
>
> Years after, we learned that the NSA and IBM were aware of differential
> analysis 10 years before it was "discovered" by Shamir and
> that why DES was modified.
>
> All in one, DES is a very good cipher. Showing its age now but still good.
>
> > NSA is also releasing a new gov't encryption standard (i forget the name,
> > starts with A...AES?)
>
> I don't think it is coming from the NSA. NIST is writing a paper on what
> the next government approved cipher should be. I have the URL of the draft
> at work. It says it should accept key sizes of 128/128, 192/192 and 256/256
> bits.
>
> See the discussion in sci.crypt.
> --
> Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr
> FreeBSD keltia.freenix.fr 3.0-CURRENT #20: Fri Jun 13 00:16:13 CEST 1997