| To: | "Email List: Cipe" <cipe-l,AT,inka,DOT,de> |
| Subject: | Re: Relevant information |
| From: | "Dave Howe" <DaveHowe,AT,cmn,DOT,sharp-uk,DOT,co,DOT,uk> |
| Date: | Wed, 1 Oct 2003 11:32:53 +0100 |
| References: | <000e01c3860a$6d169fa0$d620a8c0@pcw_hans.hnsasd.priv> <3F79BA93.4020009@hp.com> <200309301951.17616.steegers@steegers.nl> |
Op dinsdag 30 september 2003 19:17, schreef u: > Rewriting history Hans? What was surprising in the discovery of > differential crypt-analysis wasn't how weak DES was, but how strong > the addition of S-Boxes made it to this new form of attack. Biham > and Shamir's work probably exposes the limits of what the NSA knew > in the '70s, but trying to describe NSA's attempt to strengthen DES > against differential cryptanalysis as a fatal weakness inserted by > NSA is just bizarre. DES remains significantly stronger than it > would have been without the addition of S-Boxes to IBM's original > proposal, and Biham I thought the NSA "weakening" was in the area of keylength, not the s-boxes (which were protected fairly effectively by the NSA against attacks known to the NSA but not the general community, therefore strengthening the key they *did* allow....)