From: frantz@netcom.com (Bill Frantz)
Date: Mon, 20 May 1996 22:36:25 +0800
To: jim bell <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605200803.BAA11630@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:05 PM 5/19/96 -0800, jim bell wrote:
>At 08:33 AM 5/19/96 -0400, Robert Hettinga wrote:
>>At 9:41 PM  -0400 5/18/96, Bill Stewart wrote:
>>> MD5 is at least weakened, maybe broken; there's an abstract by Hans
>>>Dobbertin
>>> that says something about generating collisions, and gives an example
>>> (though the abstract doesn't say how general the method is.)
>>
>>That's what I get for not reading the DSS stuff when it came out. I'd heard
>>lots about the MD5 stuff, but I didn't put the two together.
>>
>>It also looks like I'm behind in my reading.  Time to buy another edition
>>of Applied Cryptography...
>
>It should occur to all of us that if the NSA was actually doing the job we 
>are vastly over-paying them to do, it is THEY who should be finding, 
>exposing, and correcting these kinds of cryptography faults.  Has anybody 
>ever heard any evidence that the NSA has ever acted in this sort of 
>responsible role?

I was rather impressed by NSA's role in the creation of DES.  The
strengthened it against an attack which was not publicly known, and didn't,
in the process, reveal the attack.  (See AC2.)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA