Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!mit-eddie!uw-beaver!tektronix!reed!mdr From: mdr@reed.UUCP (Mike Rutenberg) Newsgroups: sci.crypt Subject: An interesting message from SECURITY-DIGEST@RUTGERS Message-ID: <7449@reed.UUCP> Date: Wed, 7-Oct-87 21:17:56 EDT Article-I.D.: reed.7449 Posted: Wed Oct 7 21:17:56 1987 Date-Received: Sat, 10-Oct-87 18:05:04 EDT Organization: Reed College, Portland OR Lines: 76 Keywords: NSA, DES, STU-III I figured this might be worth reposting. I'm never sure how seriously to take much of the information I see, this being no different, but I find it interesting none the less (they give me something to think about as I brush my teeth). Mike -------------- Start of forwarded message Date: Fri, 25 Sep 87 09:05 EST From: "GLENN EVERHART, 609 486 6328" Subject: Secure phones The NSA is involved in distributing these phones as part of a more general effort to get at least some US companies to have reliable security. The story I've heard (though I don't have it from classified sources) is something like this: 1. DES was originally certified, but was designed with a short enough key that NSA could break it by brute force. (It IS a federal law that no cipher may be used for international traffic that NSA can't break, so the permeability of DES follows from reading the relevant US Code sections.) The classified algorithms are said to differ from DES mainly in the length of their keys. 2. Recently, someone furnished NSA with an efficient DES breaking algorithm. This was said to take 1.5 hrs. on an IBM PC to break a DES cipher. I understand that hard details of this have been classified and NSA does NOT particularly want to confirm this. Still, some NSA employees have confirmed that DES is not nearly as secure as was originally thought. Thus, NSA isn't going to certify DES again, at least not willingly, because they KNOW it's breakable. (It's been suggested that a different key scheduling data area could give a more secure algorithm, but the generator for the key schedulers is not available, at least not readily.) An Australian friend of mine mentioned he saw an article on breaking DES back in '79 or '80 in the Proceedings of the Soviet Academy of Sciences, but has since told me the article deals only with certain classes of keys. (BTW, it also mentions that if you insist on choosing large PRIMES for public key cryptosystems keys, the public key systems become fairly easy to crack also; what's needed are RELATIVELY PRIME numbers, not primes.) 3. Since DES has proven embarassingly easy to crack, and since large amounts of money are "protected" by it, NSA is proposing to let industry use the "real stuff", the algorithms they use themselves, which hopefully are less permeable. To do so, they furnish algorithms and keys (preserving the ability they have by law to decipher the text), but are paying fairly large sums to develop these phones and other boxes. A good deal of custom microelectronics is involved. And this is why you see NSA discussing crypto phones etc. (You are of course aware I trust that ANY phone conversation that gets onto microwave is potentially as open to interception as home radiophones are...and many of thesse links to industry ARE monitored...) I've heard another story someone might comment on: Some US company (I forget which; it's not important) sent a binary copy of an operating system over wire to England. However they used the unix crypt tool on it first, more than once and with different keys. The story is they got a call a few days later from NSA demanding they give NSA the keys used to encipher it. The algorithm is just character XORs with a string. But if you do it several times with strings of lengths that are relatively prime, couldn't the effective string become the product of the key lengths, and quickly grow comparable in size with the original message? Does anyone out there know enough cryptography to tell me whether this is really a super cheap and strong cipher, or whether it's just a minor nuisance for folks who go in for this sort of thing? Glenn Everhart%Arisia.decnet@ge-crd.arpa ----------------- End of forwarded message -- Reed College -- Portland, Oregon -- 503/775-7003 (before 9am)