ptrei at rsasecurity.com
Thu Jul 31 06:31:50 PDT 2003
> pgut001 at cs.auckland.ac.nz[SMTP:pgut001 at cs.auckland.ac.nz] wrote:
> "Trei, Peter" <ptrei at rsasecurity.com> writes:
> >No info on chaining modes, if any, nor of IV handling.
> DES/ECB, originally with a 40-bit key, more recently with 56-bit and 3DES.
> Keys generated by the manufacturer onto a USB dongle. No easy way to make
> backups of the dongle. It's a messy tradeoff: If you want something like
> laptop/data-theft-protection (which will suit the majority of the market),
> then DES-40/ECB is fine, but you want to be able to back up the dongle
> if that goes (and after multiple insertions and removals it will) you've
> all your data. OTOH if you want protection from the MIB the fragile nature of
> the key storage is probably a benefit, but then you want 3DES/CBC to go
> it. At the moment you have laptop-theft-protection crypto and
> key storage.
> You can buy truckloads of these things on ebay for about $20 a pop if you
> to play with one.
Color me disappointed.
It's a move in the right direction, but I wish they had followed through and
done the right things:
* [AES | 3DES]/CBC with a good distribution of IVs
* User-generated keys (before initial disk setup, of course).
* Shutdown on dongle removal.
* Some kind of PIN or password protection on the dongle.
eNova claims not to keep a database of keys (they don't
say that 'there is no database of keys', which is a little
different), and to get a key copied you have to send it to
them. They do seem to supply a spare.
Back a few years ago, I calculated that with the DES key
search software then available, a single 200MHz machine
could search 40 bits of keyspace over a long weekend.
Today it would take a few hours.
40 bit DES is not secure against your kid sister (if she's
a cypherpunk :-), much less industrial espionage.
"40-bit DES (US Data Encryption Standard) is adequate
for general users"
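
An added illustration (not part of the original message, and not eNova's code) of what the ECB-versus-CBC-with-IVs point above means for a disk image: ECB encrypts equal plaintext blocks to equal ciphertext blocks, so the layout of the disk shows through, while CBC with a distinct IV per sector hides it. The cipher is a toy 8-byte Feistel stand-in for DES, and the key, the disk contents and the keyed-hash IV scheme are assumptions constructed for the example.

```python
import hashlib
from collections import Counter

BLOCK = 8      # DES block size in bytes
SECTOR = 512   # classic disk sector size

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation standing in for DES (NOT DES, not secure)."""
    left, right = block[:4], block[4:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, _xor(left, f)
    return left + right

def ecb_sector(key: bytes, sector: bytes) -> bytes:
    return b"".join(encrypt_block(key, sector[i:i + BLOCK]) for i in range(0, len(sector), BLOCK))

def sector_iv(key: bytes, sector_no: int) -> bytes:
    # Assumed IV scheme: keyed hash of the sector number, so each sector gets its own IV
    return hashlib.sha256(b"iv" + key + sector_no.to_bytes(8, "big")).digest()[:BLOCK]

def cbc_sector(key: bytes, sector_no: int, sector: bytes) -> bytes:
    prev, out = sector_iv(key, sector_no), []
    for i in range(0, len(sector), BLOCK):
        prev = encrypt_block(key, _xor(prev, sector[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    # Number of ciphertext blocks whose value occurs more than once on the disk
    counts = Counter(ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK))
    return sum(c for c in counts.values() if c > 1)

def demo():
    key = b"\x01\x23\x45\x67\x89"  # constructed 40-bit key
    # Constructed disk image: four sectors, zero-filled except one short record
    disk = [bytes(SECTOR) for _ in range(4)]
    disk[2] = b"PAYROLL " + bytes(SECTOR - BLOCK)
    ecb = b"".join(ecb_sector(key, s) for s in disk)
    cbc = b"".join(cbc_sector(key, n, s) for n, s in enumerate(disk))
    return repeated_blocks(ecb), repeated_blocks(cbc)

if __name__ == "__main__":
    print(demo())
```

Under ECB every zero-filled block on the constructed disk produces the same ciphertext block, so an observer without the key can see which blocks are empty and which one holds data; under CBC no block repeats.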