New vs Old (was Snake Oil)

Sam Simpson simpson at samsimpson.com
Tue Jun 3 11:11:07 EDT 2003


On Tue, 3 Jun 2003 Jill.Ramonsky at Aculab.com wrote:

<SNIP>
> So, could someone please tell me:
>
> (1) What is the justification for using these "new" algorithms instead of
> the old ones? (A cynic might suggest that, since the "powers that be"
> couldn't break the old algorithms, they encouraged the use of new ones that
> they could. This probably isn't true, but I'm sure you can understand why
> someone might think that).

MD5 -> SHA-1 - limited hash size (128 bits vs 160) + collisions in the
compression function thanks to Dobbertin.

RSA -> DH/DSS - back in the day RSA was patented and DH/DSS was free.
Also I recall that RSA wasn't a NIST approved algorithm when DSS was
released.  Splitting the signature and encryption keys was also good
practice and if you're going to break backwards compat. then there's not a
great argument for sticking with RSA.

IDEA -> CAST5.  IDEA is patented, CAST5 isn't.  Note that 3DES is the
only MUST algorithm in the RFC.

Banks/governments etc seem to like the combination of 3DES/SHA-1 (see e.g.
FIPS 140).

> (2) What actually _IS_ DH/DSS? (I don't mean what the initials stand
> for, I mean what actually is the algorithm?). I ask because I can understand
> RSA, and implement it myself relatively straightforwardly, but I have not
> been able to find an explanation, simple or otherwise, of what the DH/DSS
> algorithm actually is, or of why it's hard to break.
>
> (3) Ditto CAST and SHA-1.

My dated but still relevant PGP FAQ answers these questions and more:
http://www.samsimpson.com/pgpfaq.html


Hope this helps,

Sam


Regards,

Sam Simpson

------------------------------------------------------------------------------
Mail:         sam at samsimpson.com
Web:          http://www.samsimpson.com/
Mobile:       +44 (0) 7866 726060
ICQ:          10385495

"When it comes to humility, I'm the greatest" -- Bullwinkle Moose
------------------------------------------------------------------------------



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
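Added example (not part of Sam's message or his FAQ): a textbook implementation of the two halves of "DH/DSS" that question (2) asks about, over one shared group (p, q, g) in the FIPS 186 style, with SHA-1 as the DSS hash. It also shows the "split keys" point from the message: the Diffie-Hellman key pair used for agreement and the DSA key pair used for signing are independent even though they live in the same group. Parameter sizes (512-bit p, 160-bit q) and the seeded parameter RNG are assumptions chosen so the block runs quickly offline; the message text is constructed. This is not production code.

```python
"""Textbook Diffie-Hellman key agreement and DSA signing over one shared
subgroup of order q in Z_p^*. Toy parameter sizes; not for real use."""
import hashlib
import random
import secrets

# Seeded so parameter generation is reproducible for the demo. Private keys
# and per-signature nonces below use `secrets`, never this generator.
_RNG = random.Random(2003)


def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_group(p_bits=512, q_bits=160):
    """Find a prime q, a prime p = k*q + 1 and a generator g of the order-q subgroup."""
    while True:  # q: exactly q_bits long, odd
        q = _RNG.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:  # p: even k keeps p odd; top bit set keeps p near p_bits long
        k = (_RNG.getrandbits(p_bits - q_bits) | (1 << (p_bits - q_bits - 1))) & ~1
        p = k * q + 1
        if is_probable_prime(p):
            break
    while True:  # g = h^((p-1)/q) has order q unless it collapses to 1
        g = pow(_RNG.randrange(2, p - 1), (p - 1) // q, p)
        if g != 1:
            return p, q, g


def keypair(p, q, g):
    """Private x in [1, q-1], public g^x mod p. Used for both DH and DSA keys."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def dh_shared(p, q, priv, peer_pub):
    """Shared secret peer_pub^priv mod p, after checking the peer value is a
    non-trivial element of the order-q subgroup (rejects 1, p-1 and
    small-subgroup values)."""
    if not 1 < peer_pub < p - 1 or pow(peer_pub, q, p) != 1:
        raise ValueError("peer public value is not in the order-q subgroup")
    return pow(peer_pub, priv, p)


def _hash_int(msg, q):
    """SHA-1 of msg as an integer, truncated to the leftmost len(q) bits as DSS specifies."""
    h = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return h >> max(0, 160 - q.bit_length())


def dsa_sign(p, q, g, x, msg):
    z = _hash_int(msg, q)
    while True:
        k = secrets.randbelow(q - 1) + 1          # fresh nonce per signature
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (z + x * r)) % q
        if s != 0:                                # DSS requires r, s != 0
            return r, s


def dsa_verify(p, q, g, y, msg, sig):
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    z = _hash_int(msg, q)
    v = ((pow(g, (z * w) % q, p) * pow(y, (r * w) % q, p)) % p) % q
    return v == r


def demo():
    """Run both halves once and report the checks a practitioner would want."""
    p, q, g = generate_group()
    a_priv, a_pub = keypair(p, q, g)              # Alice's DH key
    b_priv, b_pub = keypair(p, q, g)              # Bob's DH key
    s_priv, s_pub = keypair(p, q, g)              # Alice's separate signing key
    msg = b"constructed sample message"           # constructed input
    sig = dsa_sign(p, q, g, s_priv, msg)
    return {
        "shared_match": dh_shared(p, q, a_priv, b_pub) == dh_shared(p, q, b_priv, a_pub),
        "sig_ok": dsa_verify(p, q, g, s_pub, msg, sig),
        "tampered_ok": dsa_verify(p, q, g, s_pub, msg + b"!", sig),
        "keys_independent": a_pub != s_pub,
    }


if __name__ == "__main__":
    print(demo())
```

The subgroup check in dh_shared is the detail textbook descriptions usually omit: accepting 1, p-1 or a value outside the order-q subgroup lets a peer force the shared secret into a tiny set, so it is rejected before any exponentiation with the private key.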
