Fwd: [FDE] Largest Ever Single FDE implementation

[Saqib Ali]

-- Forwarded message --
From: Bryan Glancey [EMAIL PROTECTED]
Date: Dec 27, 2006 7:47 AM

For everyone on this list's interest. The US Government is currently
conducting the largest single side-by-side comparison and competition
for the selection of a Full Disk Encryption product. This
implementation will end up being the largest single implementation
ever, and all of the information regarding the competition is in the
public domain. The winner (s) will deploy MILLIONS of seats in the US
federal government space.

You can read about the competition, which will come to a close in the
next 90 days at:

http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html

Regards;

Bryan Glancey

saqib
http://www.full-disk-encryption.net

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Wikipedia cryptography pages

[Perry E. Metzger]

The Wikipedia sections on crypto are getting quite interesting. See:

http://en.wikipedia.org/wiki/Portal:Cryptography

Members of this list who know a lot on the subject might want to lend
a hand on some of the articles.

Perry

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Security Implications of Using the Data Encryption Standard (DES)

[William Allen Simpson]

Leichter, Jerry wrote:

| note that there have been (at least) two countermeasures to DES brute-force
| attacks ...  one is 3DES ... and the other ... mandated for some ATM networks,
| has been DUKPT. while DUKPT doesn't change the difficulty of brute-force
| attack on single key ... it creates a derived unique key per transaction and
| bounds the life-time use of that key to relatively small window (typically
| significantly less than what even existing brute-force attacks would take).
| The attractiveness of doing such a brute-force attack is further limited
| because the typical transaction value is much less than the cost of typical
| brute-force attack
Bounds on brute-force attacks against DESX - DES with pre- and post-whitening
- were proved a number of years ago.  They can pretty easily move DES out
of the range of reasonable brute force attacks, especially if you change
the key reasonably often (but you can safely do thousands of blocks with
one key).

One can apply the same results to 3DES.  Curiously, as far as I know there
are to this day no stronger results on the strength of 3DES!

I find it interesting that no one seems to have actually made use of these
results in fielded systems.  Today, we can do 3DES at acceptable speeds in
most contexts - and one could argue that it gives better protection against
unknown attacks.  But it hasn't been so long since 3DES was really too
slow to be practical in many places, and straight DES was used instead,
despite the vulnerability to brute force.  DESX costs you two XOR's - very
cheap for what it buys you.


The IETF/IESG refused to publish the ESP DES-XEX3-CBC Transform submitted
as draft-ietf-ipsec-ciph-desx-00 (1997) and draft-simpson-desx-01 and
draft-simpson-desx-02 (1998).

Of course, they also refused to publish draft-simpson-des-as-00 (1998) and
draft-simpson-des-as-01 (1999) that deprecated DES -- despite strong
votes of support at SAAG and PPP meetings.

There was an Appeal of IESG inaction, decisions of 13 Oct 1999 and 16 Feb 
1999.
http://www1.ietf.org/mail-archive/web/ietf/current/msg11160.html

The NSA and Cisco folks that were involved in IKE/ISAKMP advocated DES,
refusing to assign code points for DESX.  Gosh, I wonder why

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]