[Cryptography] Boing Boing pushing an RSA Conference boycott

Phillip Hallam-Baker hallam at gmail.com
Thu Jan 16 07:58:15 EST 2014


On Thu, Jan 16, 2014 at 7:22 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Jonathan Hunt <j at me.net.nz> writes:
> >On Wed, Jan 15, 2014 at 12:48 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> >> What then should we do about all the folk clinging to 3DES? How about the
> >> people who stuck with MD5? How about the people who have not junked SHA-1?
> >
> >I don't think anyone recommends using these broken constructs in new projects
> >(i.e. sets them as default in a cryptography library).
>
> Since when was 3DES a broken construct?  In fact in the early-mid 2000's there
> were several papers published that made AES look a bit shaky (none of the
> attacks were developed much further, but we didn't know that at the time), so
> sticking to 3DES, with its extra quarter century of provenance, was a
> perfectly sensible move.  Even now, it's unlikely that any algorithm has
> received as much attention and analysis as 3DES.
>

The problem is the same problem as usual with DES: Adi Shamir. Remember
when he got bounced from that NSA conference? He gave a talk at MIT
instead. And what he showed generalizes the meet in the middle approach.

It isn't a break of 3DES but the approach does show how the construction
approach is weak.

The reason I point it out is that what we had in 2007 was very similar.
There was no proof that the algorithm is backdoored. I am not aware that we
have an actual smoking gun in the Snowden docs even today. No 'Time for
some backdoor in DUAL_EC_DRNG'.

But what there is today on 3DES is certainly enough for those of us who
went to the right talks to be able to say in 5 or 6 years, 'told you 3DES
was vulnerable'. It wouldn't really be fair, it would be using a huge slice
of hindsight. But so are the people complaining about RSA.


-- 
Website: http://hallambaker.com/