RE: Truth and Hype

Thompson, Christopher (
Tue, 17 Jun 1997 12:37:26 -0600

> - The government already understands the weaknesses of DES
> and this effort isn't going to show them anything that the NSA
> already hasn't.

Being told something by the NSA and being told something by thousands of
people who are thinking of voting for you in the next election are two
different things...
> - Triple-DES is much more secure and just as easy to do (since
> the government mandates the use of hardware for DES) so DES
> is not on its last legs and there really is no need to worry about
> weak encryption.

Assuming that the NSA haven't found an easy way to crack DES (which is a
rather large assumption, IMO), I still think that DES is on its last
legs because it is much easier to break it using specialized hardware.
DESCHALL serves as a pointer that DES is breakable using _spare_ cycles
on computers in North America. No specialized hardware at all.

DES (and triple-DES) is supposedly very secure. This is obviously not
the case if (1) it is breakable using computer cycles that would
otherwise just have gone to waste (regardless of the practicality of
doing this on a regular basis) or (2) if you can build a specialized
computer for a reasonable amount of cash that can break DES in only a
matter of hours.

Also, triple-DES is only more secure than regular DES if you don't know
a short-cut. For example, the encryption used by PKZIP is not at all
secure. It can be unencrypted in a fraction of a second even without
the key, so encrypting it fifty times using the same algorithm isn't
adding any more security. The weakest link in a chain...

> - The NSA ALLOWS public-key cyptography to exist because they
> know it's flawed. They know that the best way to keep things

I don't believe this. But of course, I cannot prove it.

>might pressure the government which might lead to consequences
>other than a wake-up call or the intended one which is to promote
>secure, global, large-key public-key cryptography.

Quite possible, of course. But honestly, I'd rather live in a world
where DES encryption was banned than one where we rely on it for
international wire transfers and the like on the hope that it there
aren't any short-cuts that someone knows who is cracking it. It may
come to pass that the DESCHALL effort results in more government control
and less encryption availability and reliability. But it's pretty
unlikely and it is a risk we are taking.