friedman@porthos.rutgers.edu (Gadi ) (02/21/89)
In article <811@atanasoff.cs.iastate.edu> jwright@atanasoff.cs.iastate.edu (Jim Wright) writes: > In article <409@odin.cs.hw.ac.uk> davidf@cs.hw.ac.uk (David.J.Ferbrache) writes: > }security, and will be available in late May. Distribution of the technical > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > }report will be restricted to people who have a legitimate interest > ^^^^^^^^^^^^^^^^^^^^^^^^^ > }Dave Ferbrache > secrecy is by no means equivalent to security. Witness the NBS's > DES (National Bureau of Standards' Data Encryption Standard). The > essence of its security lies not in the fact that the encoding > scheme is some (hard-to-maintain) secret, but rather in the fact that > a clever way has been found to take advantage of what is today a > known computationally "difficult" problem. > Jim Wright Not that I agree with Dave's intention of restricting the distribution of the Virsus TR. (I'd love to read a copy) However, DES is a bad example. Because the DES algorithm is so well known, it is no longer considered very secure. Any organization with a fast Cray can crack it in 8-10hrs. Sure, its more than you can do with your Apple II, but lots of organizations can do it. Newer more secure algorithms have have been developed by the NSA, and they are not planning to divulge what they are. They will just sell you a chip that does the encription/decription. The problem is that problems that are "known computationally difficult" today, might not be so difficult later. Gadi -- uucp: {ames,att,harvard,ucbvax,iuvax}!rutgers!aramis.rutgers.edu!friedman arpa: FRIEDMAN@ARAMIS.RUTGERS.EDU