It seems I made two mistakes. 1) I didn't word my question clearly enough. 2) I posted from my AOL account. (Note that this is sent from a Genuine Hard to Use Unix Machine as Terribly Sophisticated Proof the I am not a Complete Fool...boy, some people are naive.) I try again. Given: 1) Some people worry about the strength of DES. (Correct?) 2) DES is within striking distance of a brute-force attack, this is far-and-away its most serious weakness. (Correct?) 3) 3-DES is nowhere near soon being vulnerable to a brute-force attack. (Correct?) It follows then that: 3-DES is a trivial fix of DES' ills. (Correct?) Now, I repeat my puzzle. If there really was a Great Government Gnashing of teeth over how to replace DES, what was the problem? Is it that 3-DES is too good? (But then why the great worry over DES in the first place? 56-bits is not something easy to break off the shelf. Are we worried about the French or Japanese or somebody?) Something doesn't add up here--and it isn't the fact that one of my six or eight internet addresses is an AOL account. My tentative answer: DES is *generally* too strong for the TLA's taste, but specifically 56-bits worth of DES is too little. They were in a paradox of wanting something the US spooks could read but others can't. But then why the long delay before back-door systems like Clipper are rushed out? It still doesn't add up. Another possible answer: the threat to DES was not its weakness, rather the combination of its *strength* and the fact that regular folks would start using it, a la PGP and RIPEM. When it first came out only banks and stuff were interested, not plain old citizens. In other words, DES' fault was how strong it is. (ObStupidWarning: Yes, 56-bits is too few to really trust, but 3-DES is a trivial variation.) -kb, the Kent who no longer has Perry's permission to post -- Kent Borg +1 (617) 776-6899 kentborg@world.std.com kentborg@aol.com Proud to claim 39:30 hours of TV viewing so far in 1994!