Re: IPv6 Security Last Call Initial Questions

Carl Muckenhirn says:
> It's quite a statement to say that DES "already is dangerously weak", last
> time I checked the national and international banking standards use just
> that.

Actually, the ANSI X9 committee just approved triple DES for the
banking community precisely because they tend to agree with me. Using
a Wiener and van Oorschot machine, which you can *build* for under
$1 million, you can crack DES keys like they were walnuts. Read their
paper yourself if you don't believe me.

> If (as has been implied over and over again) a $1M machine can be built to
> "break" DES, then I would expect that bank profits would be way down by now
> (they wouldn't announce it was through electronic theft of course). 

I suspect that the set of people who both know how to build such
machines and know what to do with them is small. That is not to say
that the situation is safe, however.

> In practice, if we standardized on the Unix random() function and key
> management simply passed around the seeds, 99.9% of the net would never know
> the difference.

They would, because people would keep breaking them.

> For those that are truly worried about security, the standard needs
> to provide them the ability to slip in better cryptography as they
> see fit.


The standard we have already is designed for that. This doesn't mean
that we should go for something even worse than DES for our initial