Re: problems with SHA-1
On Tue, 24 Jun 1997, Nathan E Norman wrote:
> On Tue, 24 Jun 1997, Shaya Potter wrote:
> :On Mon, 23 Jun 1997, Bruce Perens wrote:
> :> The problem with SHA-1 is that it is a U.S. Federal Information Processing
> :> Standard, and I don't trust that the U.S. government will not place export
> :> restrictions on it. I'm also wary of U.S. FIPS for the same reason I'm wary
> :> about DES - various spy agencies have to approve the standard, and one wonders
> :> if they know something we don't.
> :However, you should know, that all these things are used for items the
> :govt. wants to keep secure. It wouldn't be too secure if their was a
> :backdoor. Also, didn't IBM develop DES, not the govt.
> IBM developed a cypher called "lucifer". The NSA examined it,
> recommended some changes to the algorithm, and the result was DES.
> I personally want nothing to do with a cypher "approved" by the NSA.
> (Why did they approve it?? They *break* codes)
That is not their only job. One of their main jobs is security work.
They approve all operating systems, such as the Multi-Level secure
workstations that I have used. They make a lot of the security policy
that the govt. as a whole uses.
> Also, DES is not approved by the government for internal use if the
> security level is Top Secret or above (if memory serves correctly).
> Strange that the government recommends that businesses use a cypher they
> don't use, don't you think?
I happen to agree here, DES is now deprecated, but it used to be pretty
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .