From: Peter Wayner <pcw@access.digex.com>
To: honey@citi.umich.edu
Message Hash: 2264c4fab77f6605e2d99b62c1c914fe08dca2664d9ff8e7641937209c22c6c5
Message ID: <199304241352.AA11064@access.digex.com>
Reply To: N/A
UTC Datetime: 1993-04-24 19:19:05 UTC
Raw Date: Sat, 24 Apr 93 12:19:05 PDT
From: Peter Wayner <pcw@access.digex.com>
Date: Sat, 24 Apr 93 12:19:05 PDT
To: honey@citi.umich.edu
Subject: Re: saltzer and schroeder on information protection
Message-ID: <199304241352.AA11064@access.digex.com>
MIME-Version: 1.0
Content-Type: text/plain
Although the "details" are classified at this time, I believe
that the secrecy is just part of the plan to prevent software
implementations that could easily spoof anyone who was
trying to listen in by munging the law enforcement block.
I'm sure the algorithm would continue to be secure even after
the details are discovered. The secrecy is to control use
not to prevent decryption.
This is, I believe, the greatest achilles heel of this proposal.
There are at least 40 million PC's in this country. They would
like this chip to become the "standard" for all encryption. That
would mean putting in every machine. The cost of this could
range from $25 to $100 per machine. That means this whole plan
could cost $1 billion to $4 billion dollars in real money.
A new software encryption standard, however, could be promulgated
with about one summer's work by an undergraduate handy with C.
I believe that people aren't going to be willing to add the additional
hardware to their PC boxes. Look how slowly better video standards
have evolved in the PC domain. Look how slowly CD-ROMs are becoming
standard. Everyone agrees that this technology would be nice, but
no one is willing to raise the level of their standard boxes to
include this hardware. Raising the price of their standard box
puts them at a competitive disadvantage. So the lowest common
denominator continues.
DES chips have been around for _years_ and no one builds them
into their boxes. Why is this chip going to be any different?
-Peter
Return to April 1993
Return to “Peter Wayner <pcw@access.digex.com>”
1993-04-24 (Sat, 24 Apr 93 12:19:05 PDT) - Re: saltzer and schroeder on information protection - Peter Wayner <pcw@access.digex.com>