From: jim bell <jimbell@pacifier.com>
Date: Mon, 20 May 1996 16:07:30 +0800
To: Robert Hettinga <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605200308.UAA03511@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 AM 5/19/96 -0400, Robert Hettinga wrote:
>At 9:41 PM  -0400 5/18/96, Bill Stewart wrote:
>> MD5 is at least weakened, maybe broken; there's an abstract by Hans Dobbertin
>> that says something about generating collisions, and gives an example
>> (though the abstract doesn't say how general the method is.)
>
>That's what I get for not reading the DSS stuff when it came out. I'd heard
>lots about the MD5 stuff, but I didn't put the two together.
>
>It also looks like I'm behind in my reading.  Time to buy another edition
>of Applied Cryptography...

It should occur to all of us that if the NSA was actually doing the job we 
are vastly over-paying them to do, it is THEY who should be finding, 
exposing, and correcting these kinds of cryptography faults.  Has anybody 
ever heard any evidence that the NSA has ever acted in this sort of 
responsible role?

Another question:  If the government provided DSS, and it's now toast, and 
it provided Clipper...  Somebody ought to ask The Wicked.... er...  Dorothy 
Denning how she thinks we should be willing to trust the government's 
vetting of anything like Clipper when DSS may be flawed...and the government 
didn't find the error!

Think about it.




Jim Bell
jimbell@pacifier.com