> From: "Perry E. Metzger" <email@example.com>
> "William Allen Simpson" writes:
> > Agreed. If we change the ephemeral keys fast enough, that should be
> > good for data with time value of no more than a day or two.
> I disagree. See the "Big Seven" paper:
I've read it. In some retrospect, you are correct; it not only depends
on the time value of the data, but also the size of the attacker.
Since you are in an industry where a few million $ here and there is no
problem, you are saying that we need a _basic_ protection against large
corporations and major governments?
That is, are you saying we should abandon DES as mandatory?
> > My recommendation is to poke a stick in the sand at CAST5-128.
> Unfortunately, it is too new. I'd say we mandate DES as we do now, and
> recommend 3DES, which has a very solid amount of research behind
> it. CAST is probably a good idea in a couple of years when it's been
> beaten up more.
That's why I'd poke a stick in the sand. A direction.
It sounds to me like you want something "sooner".
> > We could certainly use it for a few years until AES is defined and
> > analysed. But do we trust the AES process? Look how NBS/NIST weakened
> > DES from 112 to 56 bit keys 20 years ago! Folly!
> They didn't weaken it, Bill. It turns out that because of Differential
> Cryptanalysis, LUCIFER had an inherent strength that was far lower than
> the number of keys. They only made the key length correspond to reality.
Mea Culpa, I went back and re-read Schneier on Lucifer, and you are
Funny how it is the "urban legend" that one remembers most clearly.
I still don't trust secret design criteria and analysis! Let's remember
that we are designing for the Internet, not the US NIST. Open, rough
consensus, running code.
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2