[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: problems with SHA-1

On Tue, 24 Jun 1997, Nathan E Norman wrote:

> On Tue, 24 Jun 1997, Shaya Potter wrote:
> :On Mon, 23 Jun 1997, Bruce Perens wrote:
> :
> :> The problem with SHA-1 is that it is a U.S. Federal Information Processing
> :> Standard, and I don't trust that the U.S. government will not place export
> :> restrictions on it. I'm also wary of U.S. FIPS for the same reason I'm wary
> :> about DES - various spy agencies have to approve the standard, and one wonders
> :> if they know something we don't.
> :> 
> :
> :However, you should know, that all these things are used for items the
> :govt. wants to keep secure.  It wouldn't be too secure if their was a
> :backdoor.  Also, didn't IBM develop DES, not the govt.
> :
> :Shaya
> IBM developed a cypher called "lucifer".  The NSA examined it,
> recommended some changes to the algorithm, and the result was DES.
> I personally want nothing to do with a cypher "approved" by the NSA.
> (Why did they approve it??  They *break* codes)

That is not their only job.  One of their main jobs is security work.
They approve all operating systems, such as the Multi-Level secure
workstations that I have used.  They make a lot of the security policy
that the govt. as a whole uses.

> Also, DES is not approved by the government for internal use if the
> security level is Top Secret or above (if memory serves correctly).
> Strange that the government recommends that businesses use a cypher they
> don't use, don't you think?

I happen to agree here, DES is now deprecated, but it used to be pretty


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: