Re: problems with SHA-1
On Tue, 24 Jun 1997, Nathan E Norman wrote:
>
> On Tue, 24 Jun 1997, Shaya Potter wrote:
>
> :On Mon, 23 Jun 1997, Bruce Perens wrote:
> :
> :> The problem with SHA-1 is that it is a U.S. Federal Information Processing
> :> Standard, and I don't trust that the U.S. government will not place export
> :> restrictions on it. I'm also wary of U.S. FIPS for the same reason I'm wary
> :> about DES - various spy agencies have to approve the standard, and one wonders
> :> if they know something we don't.
> :>
> :
> :However, you should know, that all these things are used for items the
> :govt. wants to keep secure. It wouldn't be too secure if their was a
> :backdoor. Also, didn't IBM develop DES, not the govt.
> :
> :Shaya
>
> IBM developed a cypher called "lucifer". The NSA examined it,
> recommended some changes to the algorithm, and the result was DES.
>
> I personally want nothing to do with a cypher "approved" by the NSA.
> (Why did they approve it?? They *break* codes)
That is not their only job. One of their main jobs is security work.
They approve all operating systems, such as the Multi-Level secure
workstations that I have used. They make a lot of the security policy
that the govt. as a whole uses.
>
> Also, DES is not approved by the government for internal use if the
> security level is Top Secret or above (if memory serves correctly).
> Strange that the government recommends that businesses use a cypher they
> don't use, don't you think?
I happen to agree here, DES is now deprecated, but it used to be pretty
good.
Shaya
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: