From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 07:05:49 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605211740.KAA02723@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:32 PM 5/19/96 -0700, Bill Stewart wrote:
>At 08:05 PM 5/19/96 -0800, Jim Bell wrote:
>>It should occur to all of us that if the NSA was actually doing the job we 
>>are vastly over-paying them to do, it is THEY who should be finding, 
>>exposing, and correcting these kinds of cryptography faults.  
>
>They may have; they're just kind of selective in who they expose them to :-)

Yes...but...   How can the NSA serve two masters?  If the NSA has the 
American public's best interests at heart, then it should have revealed the 
flaw if it knew of it. (Otherwise, it can't be trusted...)  

If it did not, then it likewise should admit to this to show that their 
trustworthiness and reliability isn't particularly high and we shouldn't 
trust their opinions on Clipper etc.

It is at least arguable that the NSA might have a vested interest in 
allowing an enemy to continue to use a flawed encryption system, as in 
Enigma.   However, MD5 produces what ought to be secure hashes, right? A 
flaw in MD5 allows the person knowing the secret flaw to fake a file that 
produces a similar hash.  What interest could the NSA possibly have in 
allowing such faked files to be produced?  Is this part of the NSA's job 
description?


>Also, there are expert cryptographers outside the NSA, and outside the US;
>you might check where Dobbertin lives.  And this is a Good Thing.

Yes, it is.  But I'd like to think that the NSA isn't acting as if WE are 
the "enemy."


Jim Bell
jimbell@pacifier.com