Re: Re[2]: Clarifying controversial criteria

Brad Knowles (brad@azathoth.ops.aol.com)
Fri, 15 Mar 1996 18:17:15 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Raph Levien: "resolving-security mailing list: Re[2]: Clarifying controversial criteria"

On Mar 15,  4:38pm, Perry E. Metzger wrote:

> Er, many have, Mr. Dusse. Not to mention the fact that the ITARs are
> basically toothless, since we can all buy excellent cryptographic
> software from abroad. Not to mention that most of the cryptographic
> software I use day to day was written abroad. I can also buy excellent
> cryptographic hardware overseas these days, and get implementations of
> virtually all cryptographic protocols defined by the IETF from
> overseas.

    Hell, the United States Federal Government buys it's crypto from
"overseas" for use in the STU-IV, so that it's not subject to ITAR.
Specifically, they buy it from a Canadian company.  And the State
Department smuggled STU-IIIs out of the country in diplomatic pouches
to Saudi Arabia for Desert Shield/Desert Storm, a fact that was widely
published in the newspapers at the time.  And yet it's the State
Department that is charged with enforcing the damn ITAR regulations.

    What about STU-IIIs made in Norway that can't be re-exported to
Norway for service, once they've been programmed with keys at the US
Key Distribution Facility?  What is it that we're really protecting
here?


    There's something about this whole damn process that really
stinks.

> 40 bit RC2 is, in fact, quite thoroughly easy to break. If I ever had
> any interest at all in breaking a message, I could. Furthermore, RC2
> is a nearly unexamined proprietary protocol. I will point out that it
> is a nearly unexamined proprietary protocol pushed by Mr. Dusse's
> company.

    I would submit that "easy" is a relative term.  Perhaps easy for
you to break, perhaps easy for true Cypherpuks to break, but not easy
for me to break -- I just don't know that much about it.  However, I'm
willing to take the recommendation of experts that no less than 90
bits of key would be required to be reasonably secure with RC2.

    I also have enough respect for RSA to believe that RC2 is highly
unlikely to have any design flaws.  In fact, I trust them more than I
do the NSA, when it comes to designing encryption algorithms.  At
least the guys at RSA have a company and personal reputation to
protect, while the NSA has all sorts of hidden agendas that none of us
is ever likely to know.


    I would consider myself reasonably secure if RC2 was determined to
be the "standard", if the minimum key length was required to be large
enough that given optimistic projections by the experts, files
encrypted with minimum length keys would still be likely to be secure
(seven years being imposed by the Statute of Limitations in many
cases).

-- 
Brad Knowles                           MIME/PGP: BKnowles@aol.net
    Mail Systems Administrator        <http://www.his.com/~brad/>
    for America Online, Inc.                   Ph: (703) 453-4148

	PGP keys available from pgp-public-keys@pgp.ai.mit.edu

Previous message: Raph Levien: "resolving-security mailing list: Re[2]: Clarifying controversial criteria"