Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/17/84 chuqui version 1.7 9/23/84; site nsc.UUCP Path: utzoo!linus!decvax!genrad!wjh12!harvard!seismo!nsc!chongo From: chongo@nsc.UUCP (Landon C. Noll) Newsgroups: net.crypt Subject: Re: Has DES been broken Message-ID: <1823@nsc.UUCP> Date: Sat, 3-Nov-84 23:17:14 EST Article-I.D.: nsc.1823 Posted: Sat Nov 3 23:17:14 1984 Date-Received: Sun, 4-Nov-84 22:39:31 EST References: <120@frog.UUCP> <5527@brl-tgr.ARPA> Organization: National Semiconductor, Sunnyvale Lines: 55 > P.S. If anyone from the NSA wants to give me a hard time about > this discussion, let me remark that everything I have said can be > obtained from unclassified sources. I think it is to the general > benefit of everyone except perhaps the cryptographic agencies to > work toward demonstrably secure cryptosystems for commercial use. Folks who know about the multi-speak one goes through to say: "I neither confirm, nor deny, nor to admit that public comment should, or should have not been said for national security reasons." can understand why people smell a rat in the DES system. The NSA would not admit to the fact that the DES has a trapdoor (so they can read the other guys messages in case they use it), NOR would the NSA admit that the DES is very secure (in case the other guys actually fear that the NSA did have a trapdoor and thus not use it while domestic traffic is secure from the other guys). On the other hand, the NSA might act in such a way as to indirectly admit the truth (the other guys think the NSA wants to fake them out, so they reject the truth), or indirectly give out dis-information (the other guys suspect a double-switch so...). Anyway you get the idea.. [Note: the term: other guys is used as a generic term] The net sum of the above kind of system is: "If in doubt, don't count on it going your way. If dealing with security, then doubt. Therefore don't count on it!" This rule need not apply to encryption of your christmas wish list to mommy, but it might be useful for sending your all your money over a wire. Then again of you always encrypt everything, you wont forget to encrypt things of value, nor will you call attention to an secure message when you need one! But then again if you encrypt everything, you might call attention to youself to such a degree that the other guys try to break all your messages! I think it would be good for the NSA to come out with some testable justification of the DES system. Maybe the folks at arrowwan.UUCP might like to comment or help clear the air on this, but I am not going to wait until they do. Last, let me refer readers to the President's letter on the Communications of the ACM for the past 3 years in regards to the damage National Security has done to research. There is a price paid for National Security, and there is a value gained by it. Discussions about the net result are best done on net.politics. chongo /\??/\ -- "Don't blame me, I voted for Mondale!" John Alton 85'