CDR: why should it be trusted?
matthew gream
matthewgream at hotmail.com
Sun Oct 22 09:16:09 PDT 2000
Your email is very cynical, perhaps too cynical for reality - but we need
cynics to keep reality in check.
> I don't know much about crypto politics, but... isn't it utterly
> obvious that the mere fact that the NSA suggests a certain algorithm (say
> Rijndael) for a national standard and recommends its use internationally
> implies that they have a pretty darn good idea (if not actual technology)
> on how to break it efficiently? I just don't see why else they would
> advocate its use.
The NSA exists in part as a national authority on computer and
communications security, and therefore should recommend an algorithm for
use as a means to protect its citizens and the country's national security. By
recommending its use "internationally", I assume that the fine print is that
they recommend it for use by US nationals in an international environment,
not to international users (a subtle but useful distinction; the NSA is a
domestic agency, I don't think it attempts to speak for the world yet).
Ideally, the NSA should be able to break this algorithm when no one else in
the world can, as this would give it an advantage in its signals
intelligence activities - supposedly these are activities used "in the
national interest", for the benefit of citizens and society as a whole -
commerce, etc. Well, society is no utopia and there are many other interests
(relationships with policy in Washington, etc), but you know what I mean.
> After all isn't the fact that NSA could break DES since the 70's the reason
> for the 'success' of DES?
Complicated answer. By 'approving' DES, medium-security-grade products
procured by the government would presumably have had to have DES and ANSI
conformance before they would be bought by the government. This at least
then made DES a commercial choice for government use and something that
industry had experience with because there was virtually no other choice, and
thence also for financial institutions, and thence eventually more and more
into the public arena as the need for information security products became
more prevalent.
Also, there were few alternatives to DES, and in fact during the 1970s and
1980s, significant academic activity was put into Feistel network research,
S-box research, cipher modes of operation, cryptanalytic attacks
(differential cryptanalysis, for instance). From this, new symmetric
algorithms, sometimes based on similar design principles to DES, or new
principles investigated as an alternative, were created. You must remember
that a large proportion of DES use in commercial products is outside the
scope of technological paranoiacs (that is not entirely fair, there are many
objective technologists) and in the scope of money men and corporate
standards conformance and spreadsheets - these people are more than happy
with an NSA/NIST approved solution.
What you see in the AES candidates are the fruits of decades of research and
activity partially thanks to DES, but also a result of the age we live in
(in the same way that "people knew the internet was coming, but they didn't
know that it would be the internet", you could say that symmetric and
asymmetric ciphers were going to happen, they just happened to be DES and
RSA to start with; the ball has to start somewhere, and it turned out that
DES was a pretty good choice thanks to the skill of Coppersmith and
associates at IBM). Whether the NSA could break DES is up for debate, and
may be known in the future perhaps - what is known now is that the advance
of technology has made DES an uneconomically feasible solution for medium to
high grade risk situations.
As a result of the AES selection, you must also remember that now there are
5 highly valued symmetric algorithms created by world class cryptographers,
and 1 exceptional algorithm. While the AES may be recommended, there are now
alternatives and additional algorithms that could be used for those desiring
increased security (i.e. as wrappers for the AES, or alternatives to the
AES, or whatever).
What you will see in the coming years is a focus on analysing the strengths
and weaknesses of the AES - hopefully this will only further prove that it
is a good candidate. Also, in the same way that 3DES and Ritter style DES
networks were seen as advantageous modes of operation, perhaps additional
AES modes of operation will add a further layer of security that may allay
some concerns about whether the NSA can break the algorithm.
That's my rough answer, no doubt a few people could iron out my bumps.
Best regards,
Matthew Gream
Year 2000 Grand Tour
Madrid, Spain
(enraptured by Goya and his use of diagonal line)