PGP and HMG

Owen Lewis oml at eloka.demon.co.uk
Tue, 8 May 2001 18:14:43 +0100 

-----Original Message-----
From: ukcrypto-admin@chiark.greenend.org.uk
[mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Ben Laurie
Sent: 07 May 2001 19:26
To: ukcrypto@chiark.greenend.org.uk
Subject: Re: PGP and HMG

Owen Lewis wrote:
>
> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Werner Koch
> Sent: 04 May 2001 13:26
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: PGP and HMG
>
> On Fri, 4 May 2001, Ben Laurie wrote:
>
> > As well as relying on crypto that is not yet mature!
>
> Do you mean AES?

Yes.

>  Well the _recipient_ can choose the symmetric
> algorithm a sender has to choose.

In PGP? Really? How?
Well, the general idea would be to introduce a handshaking protocol whereby
one station is instructed by the other which of several symmetric cipher
modules to run. Until ACK for the correct module is received no msg will be
enciphered-sent/accepted-deciphered. While this can be designed to work
either way around, it is generally simpler (and better?) to allow the
sending station only to specify the module. Where a cipher text is passes by
transportation on physical media, it must be the sending station that
specifies.

>  Do you think that 3-DES is not
> matured?

No.

>
>         For over twenty years, it has been generally appreciated that,
with a 56
> bit key, DES was vulnerable to a brute force attack (albeit there were few
> with computational power necessary to exploit the weakness). A 3 DES
> implementation, the current method of choice for overcoming the 56 bit key
> limitation to DES security, could have been implemented by any from the
> publication of DES. Yet it was only when advances in computational power
> substantially broadened to a commonplace the number of organisations with
a
> capability to crack DES enciphered traffic that 3-DES came into use. 3-DES
> received backing from USG as a means of extending the common usage of DES.
> Discuss?

What's to discuss?

Ah well...

Owen


Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff