From: lmccarth@cs.umass.edu
Date: Fri, 1 Mar 96 07:42:54 PST
To: jonathon@japan.sbi.com (Jonathon Fletcher)
Subject: Re: Nortel "Entrust"
In-Reply-To: <Pine.SUN.3.91.960301161135.11367M-100000@doe905f>
Message-ID: <199603011542.KAA19745@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jonathon Fletcher writes:
>   Can anyone tell me anything about a product called "Entrust", by Nortel
> (Northern Telecom). The notes talk about the software using DES ("which
> employs a 56-bit key") so I guess it's single DES, not triple DES. It also
> mentions a proprietary algorithm called CAST. 
> 
>   Is this worthy of further investigation, or is it suspect ? What is 
> CAST, and would it be classed as snake oil ?

I asked one of the NorTel sales reps. about this at the RSA conference. As
I recall, CAST is an espionage-enabled version of DES -- i.e. 16 of the key
bits are sent in the clear, or have a fixed value, or something along those
lines. The guy I spoke to didn't know the technical details.

Of course, maybe we should consider 56-bit DES espionage-enabled at this 
point too ! 

>   Please cc to me in mail

(done)

-Lewis