Reply to post: Re: public encryption gets banned...

White House mulls just banning strong end-to-end crypto. Plus: More bad stuff in infosec land

Anonymous Coward
Anonymous Coward

Re: public encryption gets banned...

My take on Clipper covering the use of DES, discovery of weaknesses, attempt to move to Skipjack and subsequent release of 3DES/AES:

- DES was introduced in the 1970's

- differential cryptanalysis meant that DES was likely broken in the late 1980's with formal proof published in 1992.

- In 1993, DES was the standard for export grade encryption with 3DES used by the US

- Skipjack/Clipper was proposed as a replacement to DES and was stronger in theory due to a slightly longer key length (80 bits) but allowed for a key escrow method for law enforcement to easily obtain the key

- Between 1993 and 1998 significant effort was put into proving DES was broken and developing a replacement.

- the first 3DES RFC was released in 1995.

- In 1998, Skipjack was formally published and broken within 24 hours.

- in 1998, 3DES was formally published as part on a US effort to provide a secure alternative to DES

- in 1998, AES was formally published as part on an international effort to provide an Internationally approved encryption standard

- in 2000, export restrictions on 3DES were significantly relaxed for western countries. Given the widespread availability of 3DES hardware, this was likely a move to avoid AES becoming the international encryption standard before weaknesses were known although AES hardware was more expensive than the 3DES equivalent so this is speculation on my part.

That was an awful lot of activity within the space of 5 years - look how far we have progressed in the 20 years leading up to the 19990's and the 20 years since then (increased key lengths, but these were largely known at the time, moved from SHA1 to SHA2 but again this was largely known in the late 90's with the official release following further analysis and ECC).

I'm not trying to downplay the work in this field because the their has been a lot done in establishing encryption strength and searching for weaknesses that has re-affirmed our trust in the standards used, but compared to a period of almost blind panic when the US governments plans for secure encryption were dictated by industry and the international community rather than US internal policies and strategies for weakening encryption with Clipper.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2019