[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: A little social engineering

Unfortunately, there doesn't seem to be any 'popular' alternatives to
DES that everyone could agree on being mandatory.

  - RC5 is patented by RSA and, I believe, is licensable
  - CAST-128 is patented by Entrust, but free and is relatively new
  - IDEA is patented by ETH and licensable from Ascom Systek

That leaves us with;

  - 3DES is slower than all of the above, but free
  - BlowFish is not that widely used and not that analyzed (Bruce
Schneir would disagree)

[ No slurs intended, since I'm definately not a cryptographer! ]

>From: 	Robert Moskowitz[SMTP:rgm3@chrysler.com]
>Sent: 	Friday, June 20, 1997 12:36 PM
>To: 	ipsec@tis.com
>Subject: 	A little social engineering
>For the moment, my Chrysler and AIAG hats are off, but my first comment as
>the new co-chair.
>Our Default cypher in the docs is 56bit DES, and I am not inclined to
>change it.
>However, perhaps agreement can be reached on a Recommended cypher of
>greater strength.  Now our official policy is we do not concern ourselves
>with any government policy like crypto export.  But if DES is giving us
>problems, 3DES is even worst.  I understand that Isreali companies have
>trouble exporting 3DES code, and no trouble exporting DES.
>So take a look at the various cyphers.  Perhaps we do not have to wait for
>AES to come up with a recommendation.
>Now putting my AIAG hat back on, this is of interest to me...
>Robert Moskowitz
>Chrysler Corporation
>(810) 758-8212