[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rest of World encryption hardware products?

To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Subject: Re: Rest of World encryption hardware products?
From: Alex Alten <Andrade@ix.netcom.com>
Date: Wed, 10 Jun 1998 00:47:41 -0700
Cc: Stephen Waters <Stephen.Waters@digital.com>, ipsec@tis.com
In-Reply-To: <199806091548.LAA01720@thunk.epilogue.com>
References: <Your message of "Tue, 09 Jun 1998 00:25:19 PDT." <3.0.3.32.19980609002519.009c0d80@netcom.com>
Sender: owner-ipsec@ex.tis.com

At 11:48 AM 6/9/98 -0400, Bill Sommerfeld wrote:
>> >	Since it is not possible to ship worth-while encryption products
>> >from the US (40-bit restriction), 
>> 
>> Actually that is not true anymore.  TriStrata Security just announced
>> a fully exportable, unlimited key strength encryption product.  Here's
>> their URL.
>> 
>> http://www.tristrata.com
>
>I read the whitepaper on the site.  It contains a number of phrases
>which should set off any crypto expert's snake-oil detectors, the most
>crucial being "virtual one time pad".
>

I don't think you need to take quotes out of context and change
their wording.  Here's exactly what was written.

"With RKS, a Random KeyStream derived from a physical random 
number generator is used as the cipher key.  Conforming to the 
requirements for a practical Vernam Cipher, the Random KeyStream
is the same length as the message and will not repeat with a 
small statistical probability. The secret is the effective 
management of a virtual keystream over 10낳 bytes long."

It is not claiming to be perfect, there is a small statistical
probability of a repetition.  Obviously you can't store a 10^30
byte 1-time pad.  So it has to be generated from a smaller
amount of random data.  However the solution is elegant and
has been reviewed by some top cryptographers, like Bart Preneel
and Fred Piper.  So far it has held up under tough analysis,
including by some cryptographers over at Bell Labs. It's 
effective key strength is 128 bits.

>It also has built-in key recovery, and appears to require interaction
>with a centralized network service for all encryption and decryption.
>As described, it also has good potential to have severe scaling
>problems.
>

The built in key recovery is why the unrestricted export license was 
granted.  No keys are escrowed with the government or third party 
agencies (unlike TIS's solution).  This is very powerful stuff.  Any 
company in the world, except for places like Iraq, can buy the system
and keep their keys to themselves.  Key recovery is at their own 
discretion, not forced upon them by the US government.

As for scaling, I guess if you can exceed 2 thousand requests per server
per second, then you've got a problem.  It ships as a dual server 
system.  This sure beats the hell out of Public Key implementations 
which can't do more than 10 per sec.

- Alex
--
Alex Alten
Andrade@Netcom.Com
P.O. Box 11406
Pleasanton, CA  94588  USA
(510) 417-0159

Follow-Ups:

Re: Rest of World encryption hardware products?

From: "Perry E. Metzger" <perry@piermont.com>

Re: Rest of World encryption hardware products?

From: Paul Koning <pkoning@xedia.com>

References:

Re: Rest of World encryption hardware products?

From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>

Prev by Date: Re: commercial IPSEC in Europe?
Next by Date: Re: Rest of World encryption hardware products?
Prev by thread: Re: Rest of World encryption hardware products?
Next by thread: Re: Rest of World encryption hardware products?
Index(es):
- Main
- Thread