Re: problems with SHA-1
> IBM developed a cypher called "lucifer". The NSA examined it,
> recommended some changes to the algorithm, and the result was DES.
Changes which, we now know, *strengthened* it against differential
cryptanalysis (which they new about in the 70's, and called the
"sliding attack", if I remember Copperfield's comments correctly...)
> (Why did they approve it?? They *break* codes)
That's only one of their jobs. They're *also* in charge of *providing*
communications security to the government.
> Also, DES is not approved by the government for internal use if the
> security level is Top Secret or above (if memory serves correctly).
Nope; it's actually not approved for *any* classification level. NSA
supplies special tools and keying material for classified data
handling. DES was for *commercial* and *personal* data...
> Strange that the government recommends that businesses use a cypher they
> don't use, don't you think?
Nope; as far as is publically known, for classified material they only
ever approved *hardware* solutions. (In the original DES spec, a
"correct" implementation had to be in hardware; certification of
software implementations came maybe 10 years later...) Of course, we
only know this after 20+ years of scrutiny and analysis, and that
doesn't help us judge the *current* political situation.
Also note that although SHA predated the MD5 attack mentioned here,
didn't SHA-1 (with a change from a shift to a rotate in one place, or
something subtle like that) come later?
DES is way past it's prime, which is why 3DES, though computationally
expensive, is a convincing followon partly *because* it takes
advantage of the extensive history of DES. (3DES, like DES, still
only gives you a 64bit hash, though, so it doesn't compete with
SHA/RIPEMD/MD5...)
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: