From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 2 Oct 1996 17:09:05 +0800
To: perry@piermont.com
Subject: Re: Clipper III on the table
Message-ID: <199610020637.XAA19893@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:44 PM 10/1/96 -0400, Perry wrote:
>We really have to work on cracking DES at least once -- it would
>substantially reduce the wind in the Administration's sails.

56 bits + GAK does generally mean DES/GAK, though RC4/56/GAK is also possible.

One "56-bit" protocol that might be allowable under the new rules is
"something strong with all but 56 key bits revealed", e.g. RC4/128
with 72 bits salt revealed (like the RC4/128 with 88 bits salt revealed that
Netscape uses, or 3-DES with 112 bits salt revealed), which would be 
substantially stronger against cracking than raw 56-bit DES.  
A big advantage is that it makes pre-computation of lists less useful,
since two cyphertexts with the same 56-bit key might be different in the
top N-56 bits of key, and the key schedules are less reusable.
The 3DES version, for instance, also gains because some of the big
DES hooks that let you scrounge a few bits don't work.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
America's Open Presidential Debate - Beyond Dole and Clinton!
<A href="http://gate.net/~bdcollar/bbe/media.htm">Tuesday, Oct. 8th 8:00 PM
EDT</a>