Ernest Hua (Hua@teralogic-inc.com)
Tue, 30 Jun 1998 10:23:05 -0700
When I spoke with the NIST public relations people, they said, in no
uncertain terms, that Skipjack is not a candidate for AES.
Ern
-----Original Message-----
From: Perry E. Metzger [SMTP:perry@piermont.com]
Sent: Tuesday, June 30, 1998 8:00 AM
To: Rich Salz
Cc: CodherPlunks@toad.com
Subject: Re: Cryptoanalysis
Rich Salz writes:
> >When the AES candidates get heavily beaten on, and when one
of them
> >gets the NSA secret handshake, I may feel comfortable with
one of
> >them.
>
> This brings up an interesting point that runs the risk of
going off-topic
> if we're not careful: how would we know that the AES
"competition" isn't
> rigged?
Perhaps it is. It is possible the NSA will leak information to
NIST on
which of the algorithms might have unforseen problems. I would
think
this would be in our interest, quite frankly.
Certainly the submitted ciphers are not "rigged" themselves, and
there
will be more than enough open public scrutiny of them that I'm
not
overly concerned.
> The Skipjack release seems pretty well-timed to get an escrow-
> friendly encryption system accepted by the general public.
Skipjack isn't any more "GAK friendly" than any other encryption
system. The protocols are what makes for GAK, not the algorithm
itself.
I suspect that the timing, although not entirely a coincidence,
was
not designed either to interfere with the AES work or to promote
further use of Skipjack in GAKed products. You will note that
Fortezza
cards no longer do GAK.
In any case, Skipjack is not an AES candidate and does not
qualify to
be an AES candidate. Among other things, the key length is too
short
and the block length is too short.
Perry
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:16 ADT