CDR: RE: Musings on AES and DES

[John Young]

It could be that AES will be used as part of an ensemble
for protecting classified information. The few Type 1 systems
that are publicly described never use only a single algorithm
without supplementary programs for enhancing cryptanalytic
protection. Belt and suspenders and probably additional
support in hardware systems not spelled out.

Presumably there are software and hardware add-ons
which are easily not available and which could counter
known cryptanalytic methods of cracking and of tampering,
some of which have been mentioned here recently.
This would conform to military doctrine which states 
that it must be assumed that the enemy knows everything
you do, but lacks information on when, where and how
you will apply what you know. Thus the need for multiple
strategies, multiple weapons, multiple programs of
disinformation, ploys, strategems, betrayals and theft
of secrets.

Recall the program NSA and CIA runs to break-in to
get what cannot be electronically intercepted. Similarly,
brute force to attack software is matched, indeed, amplified,
by brute force to physically steal. As with the long-standing
practice of the FBI and domestic law enforcement agencies.

So AES could be seen as a consumer assurance technology,
to deter the ordinary burglar and biz-bandit like yourself, but in 
no way impede a global intelligence cartel which believes it has
a right to everybody's private affairs.

Have a read of USSID 18 over at the National Security Archives
which ostensibly prohibits the NSA from spying on Americans.
Parts of it are remarkably similar to gov statements on AES,
the parts that assure trustworthinesss of the authors.

No military professional would believe any such fluff was
anything more than artful deception.

None of these remarks are directed at the AES competitors,
but at the purpose of the public competition and disavowals
that have accrued during it. The fine print, very fine, virtually
invisible ploys.