
Re: 40-bit DES



I don't think there's value in creating an Internet standard for
40-bit DES ... or 40-bit anything, for that matter.

 1) whenever anyone has attempted to measure it, the consensus of the
IETF and the IAB has been that IETF security standards should not be
watered down to fit export control requirements.

 2) given (1), and that full-strength DES is mandatory-to-implement
anyway, there's no point in pursuing the standardization of an
algorithm which is simultaneously less secure and slower (the key
setup phase of an expurgated DES will necessarily be slightly slower
than the key setup of real DES).

 3) There's also the "deal with the devil" approach: if you endorse
the government's "key recovery" initiative and are making progress
towards implementing it, the government will allow you to export
unescrowed 56-bit crypto for up to two years.  I am not endorsing this
approach.  

					- Bill