
Re: problems with SHA-1



On 25 Jun 1997, Mark Eichin wrote:

:
:> IBM developed a cypher called "lucifer".  The NSA examined it,
:> recommended some changes to the algorithm, and the result was DES.
:
:Changes which, we now know, *strengthened* it against differential
:cryptanalysis (which they knew about in the 70's, and called the
:"sliding attack", if I remember Copperfield's comments correctly...)

Yes and no ... they did weaken the S-boxes.

:> (Why did they approve it??  They *break* codes)
:
:That's only one of their jobs. They're *also* in charge of *providing*
:communications security to the government.

... but that doesn't include providing security to the public at large.
Therefore, I stand by my statement, as it applies to you and me, not
government agencies.  I think recent events concerning cryptography
export laws, key escrow, clipper, etc. strengthen rather than reduce my
argument.

:> Also, DES is not approved by the government for internal use if the
:> security level is Top Secret or above (if memory serves correctly).
:
:Nope; it's actually not approved for *any* classification level.  NSA
:supplies special tools and keying material for classified data
:handling.  DES was for *commercial* and *personal* data...

My mistake. I looked this up and you're 100% correct :)

:> Strange that the government recommends that businesses use a cypher they
:> don't use, don't you think?
:
:Nope; as far as is publicly known, for classified material they only
:ever approved *hardware* solutions. (In the original DES spec, a
:"correct" implementation had to be in hardware; certification of
:software implementations came maybe 10 years later...) Of course, we
:only know this after 20+ years of scrutiny and analysis, and that
:doesn't help us judge the *current* political situation.

You really don't answer the question, in spite of the "nope".  *Why*
does the government insist that the business and personal communities
trust an algorithm that they themselves don't use?  Doesn't that display
an implicit mistrust?  If I sold you software that I wrote but refused
to let my employees use it, wouldn't you find that odd?

Also, as far as I can tell, software DES has never been approved.  You
are correct that the first implementation approved was in hardware.

Also, it is my understanding that the military uses one-time pad
encryption.  I do know they have a lot of trust in their radio
scrambling systems (we used them a lot).

:Also note that although SHA predated the MD5 attack mentioned here,
:didn't SHA-1 (with a change from a shift to a rotate in one place, or
:something subtle like that) come later?

I'll confess ignorance to the details of SHA.

:DES is way past its prime, which is why 3DES, though computationally
:expensive, is a convincing follow-on partly *because* it takes
:advantage of the extensive history of DES.  (3DES, like DES, still
:only gives you a 64bit hash, though, so it doesn't compete with
:SHA/RIPEMD/MD5...)

Recent events have shown DES to be totally worthless for real security
(the challenge).  My argument was, and remains this:  I think any good
cryptographic algorithm, regardless of who wrote it, should be
considered for the future.  Some folks in the government seem to feel
that only they should have the right to introduce new algorithms, often
without releasing the details to public scrutiny.  I am not a
cryptanalysis expert: those who are seem to be saying that only those
algorithms which are fully public should be trusted.  Many of the
current "alternatives" available don't seem to meet this criterion or
have a suitable bit length.

I like the internet in general and Linux in particular because they
provide people with the opportunity to empower themselves with
information.  Good cryptography also does this.  I'm not a dissident -
I'm actually quite conservative in many ways, but I do object to
policies that prevent honest people from empowering themselves.

--
  Nathan Norman    :    Hostmaster CFNI    :    nnorman@cfni.com
    finger nnorman@cfni.com for PGP public key and other stuff
Key fingerprint = CE 03 10 AF 32 81 18 58  9D 32 C2 AB 93 6D C4 72
--



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .