Can we kill single DES?

stewarts at ix.netcom.com
Mon Oct 7 15:47:50 PDT 1996


At 07:50 AM 10/6/96 -0700, Declan McCullagh <declan at eff.org> wrote:
>> >1. Is this a good idea? What will happen if DES becomes perceived
>> >    as insecure?
>> That's Declan's department (and other non-clueless journalists - [...]
>This is the meme I've been trying to spread -- that 56-bit DES is *not*
>secure. 

In particular, it's N>>20 years old, the NBS originally certified it for
five years, and kept recertifying it primarily because triple-DES was
too slow on the popular bank computers of the time (e.g. cash machines
and then PCs), and hardware implementations of 56-bit DES would need
to be replaced if the algorithm were decertified.  

Public-key encryption was developed a few years after DES,
with a solid mathematical background that lets it remain secure today.
It's far more secure than DES but far slower, so it's only been practical
the last few years.   Newer encryption technology which is several times 
faster and much stronger than DES has been developed over the last decade.

>This cuts through all the rhetoric about differences between key
>recovery and key escrow, who's going to be in this industry alliance, etc. 

"Key Recovery" is the latest sleazy meme from the Government.
The only difference from so-called "Key Escrow" is that it's deliberately
obscure about who gets to keep your master keys, while "Escrow" implies
that it's definitely somebody else besides you.

From the "Eternal Vigilance is Better than Hindsight" department,
we should have seen this coming and done a pre-emptive strike on the term.
One of the papers on Dorothy Denning's web site is a May 20, 1996
SUBJECT: Draft Paper, "Enabling Privacy, Commerce, Security and Public
Safety in the Global Information Infrastructure" from OMB, which
is one of the Clipper 3 announcements, and it uses the term "key recovery".



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.






