1996-05-02 - Re: [Fwd: Cylink can export 128-bit DH?]

Header Data

From: frantz@netcom.com (Bill Frantz)
To: peng-chiew low <droelke@rdxsunhost.aud.alcatel.com>
Message Hash: cbbca5338d08e8e11855461638e5da3178cd276dc80bac2361fb14e8bb711688
Message ID: <199605011919.MAA27020@netcom8.netcom.com>
Reply To: N/A
UTC Datetime: 1996-05-02 04:22:11 UTC
Raw Date: Thu, 2 May 1996 12:22:11 +0800

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Thu, 2 May 1996 12:22:11 +0800
To: peng-chiew low <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
Message-ID: <199605011919.MAA27020@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:22 AM 5/2/96 +0700, peng-chiew low wrote:
>Daniel R. Oelke wrote:
>> There are provisions for exporting DES for banking purposes.
>> Generally it is a hardware card that "can't" be reused outside
>> of the banking transfer machine. 
>
>So far, I've seen DES software from a couple of U.S. companies. The question
>is "Is it the U.S. domestic DES or 'export flavored' DES?" As for the hardware,
>wouldn't it be inconsistent if the DES supplied is the Domestic DES?

As far as I know, DES is DES, domestic or export.  If your DES
interoperates with domestic DES (or popular implementations available on
non-US servers), then you have DES.


>I know DES as a subject here is one big YAWN, but for guys like us in
>Asia, it's not. Why? 'Cause the US crypto companies here in Asia keep telling
>us about how good and wonderful and secure DES is, and that it is THE standard
>used by the American Banking Association. 

It is THE standard.  The political reasons are complex, but the bottom line
is that large governments and other large organizations can brute force 56
bit keys.  As far as the US government and the US banking system are
concerned, this ability does not reduce bank transaction security since the
US government can get the details directly from the bank by legal process.

Most cryptographic experts recommend Triple DES, encrypting the data 3
times with 3 different keys.  If the middle encryption runs DES in decrypt
mode, the system can be made compatible with single DES by using the same
key 3 times.  The US government has never, to my knowledge, licensed the
export of a Triple DES system.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
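
Added example, not part of the original message: a sketch of the encrypt-decrypt-encrypt (EDE) construction the message describes, showing that using the same key 3 times collapses to a single encryption, while an encrypt-encrypt-encrypt chain does not. The block cipher is a constructed stand-in Feistel network built on SHA-256, not DES itself, and all function names and sample keys are assumptions for illustration; the property holds for any block cipher, DES included.

```python
import hashlib
import struct

ROUNDS = 16  # same round count as DES; the round function below is NOT DES

def _subkeys(key: bytes):
    # Constructed key schedule for the stand-in cipher: one subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def _f(half: int, subkey: bytes) -> int:
    # Round function: hash of subkey and 32-bit half-block, truncated to 32 bits.
    digest = hashlib.sha256(subkey + struct.pack(">I", half)).digest()
    return struct.unpack(">I", digest[:4])[0]

def _feistel(block: bytes, subkeys) -> bytes:
    left, right = struct.unpack(">II", block)  # 64-bit block, as in DES
    for sk in subkeys:
        left, right = right, left ^ _f(right, sk)
    return struct.pack(">II", right, left)  # final swap makes the network invertible

def encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key))

def decrypt(key: bytes, block: bytes) -> bytes:
    # A Feistel network decrypts by running the same rounds with reversed subkeys.
    return _feistel(block, _subkeys(key)[::-1])

def ede_encrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    # Middle stage runs in decrypt mode.
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))

def ede_decrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    return decrypt(k1, encrypt(k2, decrypt(k3, block)))

def eee_encrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    # Contrast case: three encryptions in a row, no decrypt stage.
    return encrypt(k3, encrypt(k2, encrypt(k1, block)))

if __name__ == "__main__":
    k = b"legacy-k"      # constructed sample key
    block = b"8bytes!!"  # constructed 8-byte plaintext block
    single = encrypt(k, block)
    # Same key 3 times: the decrypt stage undoes the first encrypt, leaving one encryption.
    print("EDE(k,k,k) == single:", ede_encrypt(k, k, k, block) == single)
    print("EEE(k,k,k) == single:", eee_encrypt(k, k, k, block) == single)
    ct = ede_encrypt(b"key-one", b"key-two", b"key-three", block)
    print("3-key round trip ok: ", ede_decrypt(b"key-one", b"key-two", b"key-three", ct) == block)
```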
