> IBM developed a cypher called "lucifer". The NSA examined it,
> recommended some changes to the algorithm, and the result was DES.

Changes which, we now know, *strengthened* it against differential cryptanalysis (which they knew about in the 70's, and called the "sliding attack", if I remember Copperfield's comments correctly...)

> (Why did they approve it?? They *break* codes)

That's only one of their jobs. They're *also* in charge of *providing* communications security to the government.

> Also, DES is not approved by the government for internal use if the
> security level is Top Secret or above (if memory serves correctly).

Nope; it's actually not approved for *any* classification level. NSA supplies special tools and keying material for classified data handling. DES was for *commercial* and *personal* data...

> Strange that the government recommends that businesses use a cypher they
> don't use, don't you think?

Nope; as far as is publicly known, for classified material they only ever approved *hardware* solutions. (In the original DES spec, a "correct" implementation had to be in hardware; certification of software implementations came maybe 10 years later...)

Of course, we only know this after 20+ years of scrutiny and analysis, and that doesn't help us judge the *current* political situation.

Also note that although SHA predated the MD5 attack mentioned here, didn't SHA-1 (with a change from a shift to a rotate in one place, or something subtle like that) come later?

DES is way past its prime, which is why 3DES, though computationally expensive, is a convincing follow-on partly *because* it takes advantage of the extensive history of DES. (3DES, like DES, still only gives you a 64-bit hash, though, so it doesn't compete with SHA/RIPEMD/MD5...)