Richard Salz <[EMAIL PROTECTED]> wrote:
>Today in slashdot (http://it.slashdot.org/it/06/06/12/0710232.shtml) there
>was an article about China wanting to get WAPI accepted as a new wireless
>security standard. Has anyone looked at it?

Adam Perez wrote:
>I have not looked at WAPI, but they have been trying to get it approved
>for a number of years, check out <http://en.wikipedia.org/wiki/WAPI>
>(has link to algorithm) and
><http://www.foxnews.com/story/0,2933,199082,00.html>.

As far as I can tell, WAPI (the Chinese proposal) uses proprietary unpublished cryptographic algorithms. The specification is secret and confidential. It uses the SMS4 block cipher, which is secret and patented. [*]

I don't think that makes any sense, from a security point of view. That's what got the 802.11 folks in trouble the last time. If the authors of WAPI won't make their spec and their algorithms, there is no basis for trust in their scheme. This is no way to design a standard, and from the outside, it looks like adopting WAPI would be unwise.

It was a bad idea the last time it was proposed, and it's still a bad idea. Frankly, it's disappointing that any proposal that involves use of secret homebrew crypto would be taken even the slightest bit seriously, no matter what country's government is pushing it. From a technical point of view, it sounds like something that should have been rejected with prejudice long ago.

[*] Contrary to what Adam Perez's email might suggest, Wikipedia does not have a link to a specification of SMS4 or of WAPI. Wikipedia has an entry for SMS4, but about all it says is that not much is publicly known about SMS4.