Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!nbires!vianet!devine From: devine@vianet.UUCP (Bob Devine) Newsgroups: sci.crypt Subject: Re: An interesting message from SECURITY-DIGEST@RUTGERS Message-ID: <244@vianet.UUCP> Date: Fri, 9-Oct-87 15:49:27 EDT Article-I.D.: vianet.244 Posted: Fri Oct 9 15:49:27 1987 Date-Received: Sun, 11-Oct-87 17:06:20 EDT References: <7449@reed.UUCP> Organization: Western Digital, Boulder Tech Ctr Lines: 61 Keywords: NSA, DES, STU-III Summary: I don't believe it > The NSA is involved in distributing these phones as part of a more > general effort to get at least some US companies to have reliable security. Yes. This is true. The spooks are willing to spend several thousand bucks per black phone for encrypted transmissions. But... > 1. DES was originally certified, but was designed with a short enough > key that NSA could break it by brute force. (It IS a federal law that > no cipher may be used for international traffic that NSA can't break[...]) The sentence about "a federal law" is hogwash. About NSA influencing the NBS to use a 56-bit key so that the NSA could break encryption: well, there have been rumors to that effect because the testing procedures and other verification stuff has never been made public. But what does 'break' really mean? A very short message might be decrypted to an entirely different message. Remember 2 ** 56 is a lot of possible encodings! > 2. Recently, someone furnished NSA with an efficient DES breaking > algorithm. This was said to take 1.5 hrs. on a PC to break a DES cipher. Horsefeathers and hogwash! It takes me > 1.5 hours on my PC to just compile a part of our networking code. > Still, some NSA employees have confirmed that DES is not nearly as > secure as was originally thought. Thus, NSA isn't going to certify > DES again, at least not willingly, because they KNOW it's breakable. It doesn't seem that DES is not secure now. It is that NSA considers the use of DES to be "putting all your eggs in one basket". Even though it is supposed to be used for "sensitive but unclassified" purposes only, everybody is using it. The NBS was not going to re-certify it for a third 5 year period but the ABA (Am. Bankers Assoc) whacked them up side the head because they want to continue using it. The proposed Type II stuff was just too expensive; plus they would have change lots of things. > An Australian friend of mine mentioned he saw an article on breaking > DES back in '79 or '80 in the Proceedings of the Soviet Academy of > Sciences, but has since told me the article deals only with certain > classes of keys. Yeah aren't them Russkies clever? First they break DES then publish the results to rub our Americanski noses in it. :-) Perhaps the keys were what are called the "weak" or "semi-weak" keys? No news here; the folks at IBM in the development of Lucifer described them. > 3. Since DES has proven embarassingly easy to crack, and since large > amounts of money are "protected" by it, NSA is proposing to let > industry use the "real stuff" [...] No the NSA was seeking to gain dominance over encrypted communications and to prevent the "all eggs in one basket" problem if a DES cracker appears. The first reason is repugnant (to me) but the last is understandable. The NSA has enjoyed a resurgence under Reagan administration. Look at the NSDD 145 proposal (which gives NSA and DOD power to set up the national data security rules). That is where the CCEP (Commercial Comspec Endorsement Program) algorithms came from. But lobbying from the ABA and ACLU has resulted in the NSA (in name NBS but NSA pulls the strings) in extending DES certification to at least 1988 when new algorithms will be released. Bob Devine