On Tue, 24 Jun 1997, Nathan E Norman wrote: > > On Tue, 24 Jun 1997, Shaya Potter wrote: > > :On Mon, 23 Jun 1997, Bruce Perens wrote: > : > :> The problem with SHA-1 is that it is a U.S. Federal Information Processing > :> Standard, and I don't trust that the U.S. government will not place export > :> restrictions on it. I'm also wary of U.S. FIPS for the same reason I'm wary > :> about DES - various spy agencies have to approve the standard, and one > wonders > :> if they know something we don't. > :> > : > :However, you should know, that all these things are used for items the > :govt. wants to keep secure. It wouldn't be too secure if their was a > :backdoor. Also, didn't IBM develop DES, not the govt. > : > :Shaya > > IBM developed a cypher called "lucifer". The NSA examined it, > recommended some changes to the algorithm, and the result was DES. > > I personally want nothing to do with a cypher "approved" by the NSA. > (Why did they approve it?? They *break* codes)
That is not their only job. One of their main jobs is security work. They approve all operating systems, such as the Multi-Level secure workstations that I have used. They make a lot of the security policy that the govt. as a whole uses. > > Also, DES is not approved by the government for internal use if the > security level is Top Secret or above (if memory serves correctly). > Strange that the government recommends that businesses use a cypher they > don't use, don't you think? I happen to agree here, DES is now deprecated, but it used to be pretty good. Shaya -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .