From: James Black <black@sunflash.eng.usf.edu>
Date: Tue, 28 Nov 1995 10:54:32 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Cypherpunk Certification Authority
In-Reply-To: <199511271952.LAA26633@ix3.ix.netcom.com>
Message-ID: <Pine.SUN.3.91.951127201852.6314C-100000@sunflash.eng.usf.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

On Mon, 27 Nov 1995, Bill Stewart wrote:

> Signatures often have known, or easily guessed, plaintext in them,
> like the signer's name or ID number, or various header fields
> such as X.509's equivalent to ----- BEGIN PGP ....

  If the signature is padded with random junk on the end, then it makes 
it harder to do a known text attack.  There was a message a few days ago 
by Anderson and someone else (in England) that dealt with weaknesses in 
some encryption protocols.  It was good to read.

> DES isn't worthless.  It's a bit weak, but not worthless.

  Even though he didn't have proof Bruce Schneier stated in "Applied 
Cryptography 2nd Ed" that the NSA might have a machine that can crack DES 
in 15 mins, and maybe as low as 3-5, as one was built and sold.  The book 
can explain it more, as I am doing this from memory.
  Take care and have fun.
 
==========================================================================
James Black (Comp Sci/Comp Eng sophomore)
e-mail: black@eng.usf.edu
http://www.eng.usf.edu/~black/index.html
**************************************************************************