At 03:08 AM 10/10/00 -0400, Lucky Green wrote:
John wrote:
NIST has stated that the maximum endorsement will be to use AES for non-classified government information. So the question will remain of what is better than AES, or to put it another way, what is not good enough about AES for its use on classified information.
A more likely explanation of the NSA withholding endorsement of AES for use with classified traffic is that doing so would dejustify the continued existence of the code-making groups at NSA.
That's certainly a big part of it. NSA has also always had the policy that they and only they will decide what's strong enough for military use, partly because they know what they (and possibly the KGB) can crack, and they know that everything the commercial world offered before DES, and much of what it offered before PGP and before EFF's Deep Crack, was either Snake Oil or DES implementations of varying quality (e.g. some had inadequate random number generators for keys). They also had a policy of not letting their crypto tech out, because that would give the Commies technology as good as theirs, which they desperately didn't want, and while security by obscurity isn't real security, it still helps reduce attacks by less capable cryptanalysts and makes data collection harder for the KGB, or for other people they might want to hide stuff from, like the Brits or French or Israelis.

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639