Emphasizing a point by Donald Eastlake re key recovery
Carl Ellison
cme at cybercash.com
Wed Sep 24 10:51:47 PDT 1997
-----BEGIN PGP SIGNED MESSAGE-----
At 09:34 AM 9/23/97 +0100, Ross Anderson wrote:
>There is also the point that the vast majority of encryption keys are
>actually used for authentication rather than confidentiality. The keys
>that encrypt your bank card PIN en route from the ATM to the bank, the
>keys in your satellite TV decoder, the keys in your gas meter and your
>postal meter - in fact the majority of all DES keys in use - are about
>authentication. In theory most of them could be replaced by digital
>signature mechanisms but given the size of the installed base, it
>won't happen anytime soon.
For what it's worth, I once got an opinion from NSA's export control office
that I could use any kind of crypto I wanted (e.g., even triple-DES) if all
I'm doing is protecting a channel carrying a password (like the PIN),
because that's an authentication function and therefore to be encouraged. I
didn't get this in writing, however, so I'd have to go for it again.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBNCkgkFQXJENzYr45AQF9EAP+Lx54AGJVvr9nOgGEaFYgMyTYFsalnPV9
3ZhqCIc6DDbjGBPf7r20SYUwz+3mhLeGLjlHleltXoT/coAChL/vSnqL0Q9/gpRI
w11Sg32vFi/6Fr8fNWgEcMtmuIIZS/QSRt3hj8p0cc6UN2bjWevD97/brWhVjWYl
hNdlUrgPpHw=
=l1tu
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme at cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
More information about the Testlist
mailing list