Path: sparky!uunet!zaphod.mps.ohio-state.edu!wupost!udel!intercon!usenet
From: amanda@intercon.com (Amanda Walker)
Newsgroups: sci.crypt
Subject: Re: Status of DES, or "Is the DES Standard PD?"
Date: Mon, 14 Dec 1992 02:19:51 -0500
Organization: InterCon Systems Corporation
Lines: 30
Distribution: world
Message-ID: <9212140219.AA51201@chaos.intercon.com>
References: <1gb7obINN3tp@gap.caltech.edu>
Reply-To: amanda@intercon.com (Amanda Walker)
NNTP-Posting-Host: chaos.intercon.com
X-Newsreader: InterCon TCP/Connect II 1.1b22

heathh@cco.caltech.edu (Heath Ian Hunnicutt) writes:
> From what I understand, that's not totally true. While the _specs_
> might be the same, IBM also submitted a rationale for the DES method.
> This rationale document remains classified, and some wonder if it
> contains information that severely weakens DES.

Actually, on this very newsgroup some time back there was a posting from a
person at IBM which explained that the DES design team knew about
differential cryptanalysis at the time, and designed DES to be resistant to
it. However, this cryptanalytic technique was not public knowledge, and so
this rationale was kept secret.

Some 20 years later, when differential cryptanalysis was discovered in the
academic world, researchers (notably Shamir, I believe) were annoyed to
discover that the particular S-boxes in DES "just happened" to render the
technique useless from a pragmatic standpoint in the cryptanalysis of DES.

Ironically enough, it seems that IBM and the NSA secretly *strengthened* DES
rather than weakening it.

The key size, however, remains an open issue, as do allegations of key
clustering. Remember also that it was never aimed at more than a reasonable
amount of security, which it still provides.


Amanda Walker
InterCon Systems Corporation