1994-06-22 - Re: Thoughts on the NSA’s correction to SHA

Header Data

From: pcw@access.digex.net (Peter Wayner)
To: schneier@chinet.chinet.com (Bruce Schneier)
Message Hash: d2ed1c29d71efbb79c862a2f5935781066f5d3c287fa96a4ed7be67b629aa1ea
Message ID: <199406221629.AA01108@access2.digex.net>
Reply To: N/A
UTC Datetime: 1994-06-22 16:29:36 UTC
Raw Date: Wed, 22 Jun 94 09:29:36 PDT

Raw message

From: pcw@access.digex.net (Peter Wayner)
Date: Wed, 22 Jun 94 09:29:36 PDT
To: schneier@chinet.chinet.com (Bruce Schneier)
Subject: Re: Thoughts on the NSA's correction to SHA
Message-ID: <199406221629.AA01108@access2.digex.net>
MIME-Version: 1.0
Content-Type: text/plain



>The very fact that this correction had to made offers some
>insights into the National Security Agency.
>
>I believe that releasing DES to the public was the biggest
>cryptography mistake that NSA ever made.  Consider the state of
>research in cryptology before DES.  It was simplistic.  It was
>haphazard.  There was little interest.  If any results of value
>were ever discovered, the NSA could squash them with a secrecy
>order.  No one cared.
>

There is one problem with this analysis: 

  IBM created DES. Not the NSA. Sure the NSA could have asked them to keep
  it hidden, but the NSA was also going to IBM and warning them
  about Russians evesdropping on IBMs networks. Everyone realized it
  was time for public cryptography. Especially IBM. It is not clear
  that a secrecy order would have worked. 

This is not to say that your analysis is wrong. They classified the
design procedures which was their attempt at a compromise. IBM couldn't
publish the details of how to make a good algorithm, but they could
release the details of the standard. 







Thread