Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:41 ADT
Xcott Craver (caj@math.niu.edu)
Mon, 20 Jul 1998 18:17:37 -0500 (CDT)
On Mon, 20 Jul 1998, Robert Hettinga wrote:
> So, once again, I repeat: as of last week, DES *is* snakeoil, no matter its
> venerable pedigree. (See my .sig, below, to see what I think about
> venerable ideas.)
>
> So, anyone who sells DES in an application requiring *any* serious
> security, *especially* for commercial financial operations, is selling
> snakeoil. It's that simple.
Maybe if you say "single-DES" instead of DES; the terminology is
starting to confuse me. Single-DES implmentations are certainly
snakeoil if sold as "strong" or "military grade" or whatever
superlatives marketers toss upon these things.
But when I hear "DES" I think of the algorithm, which
*can* be sold in an application requiring serious security
without making it snake-oil. 3DES is an example.
And it's pushing it to declare a cryptosystem "DED,"
when simply encrypting multiple times still yields a
secure (and efficient) cipher.
> Cheers,
> Bob Hettinga
-Caj
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:41 ADT