the effects of a spy
Jack Lloyd
lloyd at randombit.net
Thu Nov 17 21:15:42 EST 2005
On Thu, Nov 17, 2005 at 12:10:53PM -0500, John Kelsey wrote:
> c. Maybe they just got it wrong. SHA0 and SHA1 demonstrate that this
> is all too possible. (It's quite plausible to me that they have very
> good tools for analyzing block ciphers, but that they aren't or
> weren't sure how to best apply them to hash functions.)
SHA-* also look very much like the already existing and public MD4 and MD5... I
would be very willing to bet that the NSA's classified hash functions (I assume
it has some, though to be honest I have only ever seen information about block
ciphers) look nothing like SHA. Perhaps their analysis tools apply well to the
ones that they build internally, but did not to an MDx-style hash, and they did
not want to release a design based on some clever design technique of theirs
that the public didn't know about; when SHA was released, Clipper and the
export controls were still in full swing, so it seems pretty plausible that the
NSA wanted to limit how many goodies it gave away.
</speculation>
-Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list