[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: problems with SHA-1

On Tue, 24 Jun 1997, Shaya Potter wrote:

:On Mon, 23 Jun 1997, Bruce Perens wrote:
:> The problem with SHA-1 is that it is a U.S. Federal Information Processing
:> Standard, and I don't trust that the U.S. government will not place export
:> restrictions on it. I'm also wary of U.S. FIPS for the same reason I'm wary
:> about DES - various spy agencies have to approve the standard, and one wonders
:> if they know something we don't.
:However, you should know, that all these things are used for items the
:govt. wants to keep secure.  It wouldn't be too secure if their was a
:backdoor.  Also, didn't IBM develop DES, not the govt.

IBM developed a cypher called "lucifer".  The NSA examined it,
recommended some changes to the algorithm, and the result was DES.

I personally want nothing to do with a cypher "approved" by the NSA.
(Why did they approve it??  They *break* codes)

Also, DES is not approved by the government for internal use if the
security level is Top Secret or above (if memory serves correctly).
Strange that the government recommends that businesses use a cypher they
don't use, don't you think?

  Nathan Norman    :    Hostmaster CFNI    :    nnorman@cfni.com
    finger nnorman@cfni.com for PGP public key and other stuff
Key fingerprint = CE 03 10 AF 32 81 18 58  9D 32 C2 AB 93 6D C4 72

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: