FW: Rest of World encryption hardware products?
Providing proxy for....
> -----Original Message-----
> From: Litney, Tom
> Sent: Wednesday, June 10, 1998 1:21 PM
> To: Burden, James
> Subject: RE: Rest of World encryption hardware products?
>
> Alex,
>
> Not sure what you meant by taking the quote out of context and
> changing the wording. When I visited the site using the URL that Bill
> provided, I found his quote listed as the first bullet point on the
> page. The quote that you are supplying comes from another page which
> was apparently intended to provide more product detail. I won't go
> into the cryptographic issues as they have already been so eloquently
> voiced by others.
>
>
> Tom
>
>
> -----Original Message-----
> From: Alex Alten [SMTP:Andrade@ix.netcom.com]
> Sent: Wednesday, June 10, 1998 12:48 AM
> To: Bill Sommerfeld
> Cc: Stephen Waters; ipsec@tis.com
> Subject: Re: Rest of World encryption hardware products?
>
> At 11:48 AM 6/9/98 -0400, Bill Sommerfeld wrote:
> >> > Since it is not possible to ship worth-while encryption products
> >> >from the US (40-bit restriction),
> >>
> >> Actually that is not true anymore. TriStrata Security just announced
> >> a fully exportable, unlimited key strength encryption product. Here's
> >> their URL.
> >>
> >> http://www.tristrata.com
> >
> >I read the whitepaper on the site. It contains a number of phrases
> >which should set off any crypto expert's snake-oil detectors, the most
> >crucial being "virtual one time pad".
> >
>
> I don't think you need to take quotes out of context and change
> their wording. Here's exactly what was written.
>
> "With RKS, a Random KeyStream derived from a physical random
> number generator is used as the cipher key. Conforming to the
> requirements for a practical Vernam Cipher, the Random KeyStream
> is the same length as the message and will not repeat with a
> small statistical probability. The secret is the effective
> management of a virtual keystream over 10^30 bytes long."
>
> It is not claiming to be perfect, there is a small statistical
> probability of a repetition. Obviously you can't store a 10^30
> byte 1-time pad. So it has to be generated from a smaller
> amount of random data. However the solution is elegant and
> has been reviewed by some top cryptographers, like Bart Preneel
> and Fred Piper. So far it has held up under tough analysis,
> including by some cryptographers over at Bell Labs. Its
> effective key strength is 128 bits.
>
> >It also has built-in key recovery, and appears to require interaction
> >with a centralized network service for all encryption and decryption.
> >As described, it also has good potential to have severe scaling
> >problems.
> >
>
> The built in key recovery is why the unrestricted export license was
> granted. No keys are escrowed with the government or third party
> agencies (unlike TIS's solution). This is very powerful stuff. Any
> company in the world, except for places like Iraq, can buy the system
> and keep their keys to themselves. Key recovery is at their own
> discretion, not forced upon them by the US government.
>
> As for scaling, I guess if you can exceed 2 thousand requests per server
> per second, then you've got a problem. It ships as a dual server
> system. This sure beats the hell out of Public Key implementations
> which can't do more than 10 per sec.
>
> - Alex
> --
> Alex Alten
> Andrade@Netcom.Com
> P.O. Box 11406
> Pleasanton, CA 94588 USA
> (510) 417-0159