[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CAST5-128 was: A little social engineering

> From: Robert Moskowitz <rgm3@chrysler.com>
> Our Default cypher in the docs is 56bit DES, and I am not inclined to
> change it.
Agreed.  If we change the ephemeral keys fast enough, that should be
good for data with time value of no more than a day or two.

> However, perhaps agreement can be reached on a Recommended cypher of
> greater strength.  Now our official policy is we do not concern ourselves
> with any government policy like crypto export.  But if DES is giving us
> problems, 3DES is even worst.  I understand that Isreali companies have
> trouble exporting 3DES code, and no trouble exporting DES.
> So take a look at the various cyphers.  Perhaps we do not have to wait for
> AES to come up with a recommendation.
My recommendation is to poke a stick in the sand at CAST5-128.  It
appears to be well designed, is supposedly twice as fast as DES, has
variable size keys that can be long enough (up to 128), is from outside
the USA, and is the right price (free).

We could certainly use it for a few years until AES is defined and
analysed.  But do we trust the AES process?  Look how NBS/NIST weakened
DES from 112 to 56 bit keys 20 years ago!  Folly!

If we state an intention to deploy CAST5-128 widely, then maybe we will
get a few outside analysts to take a hard look at it.

    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2