1996-03-28 - Re: HP & Export of DCE

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Adam Shostack <adam@lighthouse.homeport.org>
Message Hash: 35e9e4de174dff9648cc7665bc6a14d948e2234d89dfe4c38b36a82853e0a84b
Message ID: <199603271621.LAA02453@jekyll.piermont.com>
Reply To: <199603271619.LAA08716@homeport.org>
UTC Datetime: 1996-03-28 00:55:22 UTC
Raw Date: Thu, 28 Mar 1996 08:55:22 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 28 Mar 1996 08:55:22 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <199603271621.LAA02453@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain

Adam Shostack writes:
> | Adam Shostack writes:
> | > Well, if Leahy passes, DCE is exportable.  Anyone know if the
> | > 'SecureRPC' in  DCE is the one BAL broke years back?
> | 
> | No, they broke Sun's Secure RPC, which is different.
> I wasn't aware there were multiple things masquerading under the name
> Secure RPC.  In any event, does the crypto in DCE stand up to the
> LaMacchia/Odlyzko attacks?

They are attacks against Diffie-Hellman. I don't know if DCE uses D-H
in a similar manner. The main problem was too small a (fixed) modulus.

> (And did Sun ever upgrade what they ship?)

I don't believe so.