Re: Critics blast Windows 2000's quiet use of DES instead of 3DES

[David Honig]

At 12:56 AM 5/19/00 -0500, John Kelsey wrote:
>few thousand known plaintexts), that fact will be kept secret.  Which
>means that they will have to be *very* careful making any use of
>information recovered from that break, to avoid leaking the fact that
>they can break it.
>- --John Kelsey, [EMAIL PROTECTED]

Surely you know this is the first thing taught to pro (vs academic) analysts?

People have died to conceal analysis (see Kahn on WWII); the US
can't convince anyone about the five-million-dollar-man (bin Laden; or link
Libya to Lockerbie, etc.) because the spooks don't want to reveal their
sources.  This is even stated fairly frequently by the mouthpieces
in D.C. these days.

So not tipping your hand is standard procedure; ergo history favors
paranoia.

[Covert agents also appreciate it when you don't act immediately
on things they've leaked to you.. makes them too easy to sniff/snuff out..]

Vulnerability analysts are like blackhat crackers: they don't send memos
to the design team...