Columbia crypto box

Bill Frantz frantz at
Tue Feb 11 14:14:05 EST 2003

At 7:40 AM -0800 2/11/03, Steven M. Bellovin wrote:
>The 40-bit issue is orthogonal to the other problems with WEP.  Look at
>IBM's Commercial Data Masking Facility (CDMF), a way to degrade the
>strength of DES from 56 bits to 40 bits, while still ensuring that
>they didn't enable any less-expensive attack.

I have a lot of respect for the way IBM dealt with ITAR in this device.
Note that they did not call it secure, they called it the "Commercial Data
Masking Facility", and did not advertise it as secure against NSA level
attackers.  As Steven says, the most effective attack is exhaustive search
through the 40 bit key space.  (IIRC, basically what the device did was
reveal 16 bits of a DES key.)

Cheers - Bill

Bill Frantz           | Due process for all    | Periwinkle -- Consulting
(408)356-8506         | used to be the Ameican | 16345 Englewood Ave.
frantz at | way.                   | Los Gatos, CA 95032, USA

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list