
FW: Rest of World encryption hardware products?



Providing proxy for....
> -----Original Message-----
> From:	Litney, Tom 
> Sent:	Wednesday, June 10, 1998 1:21 PM
> To:	Burden, James
> Subject:	RE: Rest of World encryption hardware products? 
> 
> Alex,
> 
>    Not sure what you meant by taking the quote out of context and
> changing the wording.  When I visited the site using the URL that Bill
> provided, I found his quote listed as the first bullet point on the
> page.  The quote that you are supplying comes from another page which
> was apparently intended to provide more product detail.  I won't go
> into the cryptographic issues as they have already been so eloquently
> voiced by others.
> 
> 
>                  Tom
> 
> 
> -----Original Message-----
> From:	Alex Alten [SMTP:Andrade@ix.netcom.com]
> Sent:	Wednesday, June 10, 1998 12:48 AM
> To:	Bill Sommerfeld
> Cc:	Stephen Waters; ipsec@tis.com
> Subject:	Re: Rest of World encryption hardware products? 
> 
> At 11:48 AM 6/9/98 -0400, Bill Sommerfeld wrote:
> >> >	Since it is not possible to ship worth-while encryption products
> >> >from the US (40-bit restriction), 
> >> 
> >> Actually that is not true anymore.  TriStrata Security just announced
> >> a fully exportable, unlimited key strength encryption product.  Here's
> >> their URL.
> >> 
> >> http://www.tristrata.com
> >
> >I read the whitepaper on the site.  It contains a number of phrases
> >which should set off any crypto expert's snake-oil detectors, the most
> >crucial being "virtual one time pad".
> >
> 
> I don't think you need to take quotes out of context and change
> their wording.  Here's exactly what was written.
> 
> "With RKS, a Random KeyStream derived from a physical random 
> number generator is used as the cipher key.  Conforming to the 
> requirements for a practical Vernam Cipher, the Random KeyStream
> is the same length as the message and will not repeat with a 
> small statistical probability. The secret is the effective 
> management of a virtual keystream over 10^30 bytes long."
> 
> It is not claiming to be perfect, there is a small statistical
> probability of a repetition.  Obviously you can't store a 10^30
> byte 1-time pad.  So it has to be generated from a smaller
> amount of random data.  However the solution is elegant and
> has been reviewed by some top cryptographers, like Bart Preneel
> and Fred Piper.  So far it has held up under tough analysis,
> including by some cryptographers over at Bell Labs. Its
> effective key strength is 128 bits.
> 
> >It also has built-in key recovery, and appears to require interaction
> >with a centralized network service for all encryption and decryption.
> >As described, it also has good potential to have severe scaling
> >problems.
> >
> 
> The built in key recovery is why the unrestricted export license was 
> granted.  No keys are escrowed with the government or third party 
> agencies (unlike TIS's solution).  This is very powerful stuff.  Any 
> company in the world, except for places like Iraq, can buy the system
> and keep their keys to themselves.  Key recovery is at their own 
> discretion, not forced upon them by the US government.
> 
> As for scaling, I guess if you can exceed 2 thousand requests per server
> per second, then you've got a problem.  It ships as a dual server
> system.  This sure beats the hell out of Public Key implementations
> which can't do more than 10 per sec.
> 
> - Alex
> --
> Alex Alten
> Andrade@Netcom.Com
> P.O. Box 11406
> Pleasanton, CA  94588  USA
> (510) 417-0159