[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Rest of World encryption hardware products?
Alex Alten writes:
> At 11:48 AM 6/9/98 -0400, Bill Sommerfeld wrote:
> >> > Since it is not possible to ship worth-while encryption products
> >> >from the US (40-bit restriction),
> >>
> >> Actually that is not true anymore. TriStrata Security just announced
> >> a fully exportable, unlimited key strength encryption product. Here's
> >> their URL.
> >>
> >> http://www.tristrata.com
> >
> >I read the whitepaper on the site. It contains a number of phrases
> >which should set off any crypto expert's snake-oil detectors, the most
> >crucial being "virtual one time pad".
> >
>
> I don't think you need to take quotes out of context and change
> their wording. Here's exactly what was written.
The term "Vernam Cipher" is a bell ringer. I agree with Mr. Sommerfeld
on this. It doesn't smell very good.
.pm
>
> "With RKS, a Random KeyStream derived from a physical random
> number generator is used as the cipher key. Conforming to the
> requirements for a practical Vernam Cipher, the Random KeyStream
> is the same length as the message and will not repeat with a
> small statistical probability. The secret is the effective
> management of a virtual keystream over 10³º bytes long."
>
> It is not claiming to be perfect, there is a small statistical
> probability of a repetition. Obviously you can't store a 10^30
> byte 1-time pad. So it has to be generated from a smaller
> amount of random data. However the solution is elegant and
> has been reviewed by some top cryptographers, like Bart Preneel
> and Fred Piper. So far it has held up under tough analysis,
> including by some cryptographers over at Bell Labs. It's
> effective key strength is 128 bits.
>
> >It also has built-in key recovery, and appears to require interaction
> >with a centralized network service for all encryption and decryption.
> >As described, it also has good potential to have severe scaling
> >problems.
> >
>
> The built in key recovery is why the unrestricted export license was
> granted. No keys are escrowed with the government or third party
> agencies (unlike TIS's solution). This is very powerful stuff. Any
> company in the world, except for places like Iraq, can buy the system
> and keep their keys to themselves. Key recovery is at their own
> discretion, not forced upon them by the US government.
>
> As for scaling, I guess if you can exceed 2 thousand requests per server
> per second, then you've got a problem. It ships as a dual server
> system. This sure beats the hell out of Public Key implementations
> which can't do more than 10 per sec.
>
> - Alex
> --
> Alex Alten
> Andrade@Netcom.Com
> P.O. Box 11406
> Pleasanton, CA 94588 USA
> (510) 417-0159
>
References: