Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!unmvax!pprg.unm.edu!hc!lll-winken!arisia!cdp!caulkins
From: caulkins@cdp.UUCP
Newsgroups: comp.misc
Subject: Re: DES Busting--Let's See Some Pro
Message-ID: <135900005@cdp>
Date: 13 Mar 89 19:52:00 GMT
References: <2151@water.waterloo.edu>
Lines: 16
Nf-ID: #R:water.waterloo.edu:2151:cdp:135900005:000:793
Nf-From: cdp.UUCP!caulkins    Mar 13 11:52:00 1989


I attended a meeting with crypto guru Marty Hellman many years ago
in which he argued strongly for a larger key size for DES.  The
government people present (including those from NSA) argued against
this on the grounds that the key size was large enough.  Hellman made
the same accusation: that they wanted a more easily broken DES.

They denied this.  As far as I know the accusation was never proved,
although it is clear that a larger key would make it lots more secure.
As I recall Hellman was arguing for 100 bits.  All this revolved
around the design of the then-unreleased DES implementations in
silicon.  As far as I know NSA or anyone else has never objected
to making stronger DES implementations in software.  Of course, any
such would be non-standard and thus little used.

Dave C