Rumor: DSS Broken?

Bill Stewart stewarts at ix.netcom.com
Mon May 20 02:50:43 PDT 1996


At 08:05 PM 5/19/96 -0800, Jim Bell wrote:
>It should occur to all of us that if the NSA was actually doing the job we 
>are vastly over-paying them to do, it is THEY who should be finding, 
>exposing, and correcting these kinds of cryptography faults.  

They may have; they're just kind of selective in who they expose them to :-)
Also, there are expert cryptographers outside the NSA, and outside the US;
you might check where Dobbertin lives.  And this is a Good Thing.

>Another question:  If the government provided DSS, and it's now toast, 

SHA-1 isn't toast; it's MD5 that might be at least a bit crunchy.
(The NSA gave us SHA, and later added a correction that appears to
make it stronger, unless there's something really subtle and nasty inside.)

DSS isn't toast either, though the subliminal-channel stuff makes it
necessary to look very carefully at any applications to find out what
else is being done with them, which you can't always do.
One of the purposes of DSS appears to be that it provides signatures
without providing encryption, so the Feds can trust the Public to have it.
Except of course that subliminal channels _do_ toast that part of it.

On the other hand, NIST has been saying that DSS isn't covered by any patents,
which the PKP folks had some very negative, skeptical comments about,
before PKP fell apart; it probably still is covered by the Cylink/Stanford
patents until they expire next year, though it's not covered by RSA.
The patent licensing hassles probably have kept a lot of people from using it,
except for specific sales to the government.
#					Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com, +1-415-442-2215
# goodtimes signature virus inoculation
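
The subliminal channel mentioned in the message above, as an added example that is not part of the original post: a DSA signature verifies normally for everyone, yet anyone holding the private key x can recover the per-signature value k, so a signer who chooses k instead of drawing it at random has sent hidden data. The toy parameters, key, digest value and function names are constructed for illustration; h stands in for the message hash already reduced mod q.

```python
# Toy DSA domain parameters (constructed; far too small for real use).
# Q is prime, Q divides P - 1 (606 = 6 * 101), and G = 2**6 mod P has order Q.
P, Q, G = 607, 101, 64


def public_key(x):
    """y = g^x mod p."""
    return pow(G, x, P)


def sign(h, x, k):
    """Standard DSA signing equations, with k supplied by the caller.

    An honest signer draws k at random; a signer using the channel sets it."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; a real signer picks another k")
    return r, s


def verify(h, r, s, y):
    """Standard DSA verification; it sees nothing unusual about a chosen k."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (h * w) % Q, (r * w) % Q
    return (pow(G, u1, P) * pow(y, u2, P)) % P % Q == r


def recover_k(h, r, s, x):
    """Holder of x inverts the signing equation: k = s^-1 * (h + x*r) mod q."""
    return (pow(s, -1, Q) * (h + x * r)) % Q


def demo():
    x, h = 57, 42                 # constructed private key and digest value
    hidden = ord("A")             # 65, the value carried in k
    r, s = sign(h, x, hidden)
    return verify(h, r, s, public_key(x)), recover_k(h, r, s, x)


if __name__ == "__main__":
    print(demo())
```

An auditor cannot tell a chosen k from a random one by looking at (r, s) alone, which is why the application around the signing code has to be inspected.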
