Perry E. Metzger (perry@piermont.com)
Mon, 29 Jun 1998 13:57:15 -0400
Paulo Barreto writes:
> 2. DES only received this amount of attention because it *was* incorporated
> into production rather early, and in very, very serious applications
No.
DES was very strongly analyzed for a long time before it was made
public -- very amounts of time were put into it *first*.
> 4. Notice that NSA designed Skipjack instead of simply using (3)DES, and
> NIST requested candidates for a (3)DES replacement. This shows that better
> ciphers are possible and desirable.
No one said otherwise. Skipjack apparently received *years* of
internal NSA analysis, however. My claim is that you are not being
rational if you take a cipher that has had maybe tens of serious hours
of attempt at cracking it at most and use it in a product, when there
are perfectly fine ciphers out there that have been sufficiently
analyzed to gain some comfort. You've mentioned a number of ciphers
that have certainly not received anything like sufficient analysis,
when there are plenty that *have* been beaten on for years.
Arguing that putting the ciphers into serious applications will
encourage people to break them is rather like suggesting that the way
to test a new car safety design is to get someone to drive the car,
personally, into a wall. There are safer mechanisms than this.
Perry