sam at samsimpson.com
Thu Aug 30 20:39:01 CEST 2001
On Wed, 29 Aug 2001, Dr. Evil wrote:
> > > all your users. You don't. I could list a dozen reasons why, in some
> > > cases, DES might be a better choice than AES, for instance. Can you
> > > think of some?
> > There are no technical reasons. If there is a organization which has
> > a need for weak encryption, they should write their own or stripp
> > GnuPG down to that.
> No one can argue that DES is as secure as AES, but I can think of some
> great technical reasons for sometimes using DES in a cryptosystem.
> 3. A researcher is doing performance comparisons among different
> crypto algorithms, and wants to include DES as a reference point.
NIST used 3DES as a security / performance benchmark for AES, so you have
> So far, those are all technical reasons. Now for some non-technical
> 4. A company is operating in a country or regulatory environment where
> DES is mandated by law or by contract for some reason. For
> instance, financial regulations require banks to use DES in some
ANSI now mandates 3DES as the standard encryption algorithm (x9).
> 5. A company wants to protect secrets from casual snooping or
> subpoenas, but wants to be able to read its employees' email if it
> really really needs to.
Erm, why not you some form of key or message recovery rather than using
Besides, if something is readable by an employer, I'm sure it can be under
court order or subpoena.
> 6. An author wants to protect his work, but wants to make sure he has
> a back door in case he loses or forgets his key.
Use key recovery, use duplicate keys. Use any of a million different
> 7. A company is protecting data which have only a very short duration
> of usefulness (maybe stock market trading orders) and they always
> have used DES, and it's still good enough for this use.
If sub 24-hrs security is acceptable, this is very true.
> 8. A company wants to sell it in a product, and they want a long
> feature list, such as "includes DES support", even if no one will
> use it.
> 9. The value being protected is small, and the rest of the system is
> fairly weak, so DES wouldn't be the weakest link. Example: an
> on-line chat system where people are exchanging low-value
> 10. A government wants to buy a lot of crypto tools, but doesn't want
> to deploy things which it can't break if it needs to.
hhhmm, I think they'd use escrow or there own algorithm.
> 11. Archives from the 70s are stored in DES format, and it's not worth
> converting them, but they need to be readable.
> 12. A new cryptoanalysis method is discovered, and DES is more secure
> than the alternatives given this attack method (I know, highly
Yeah, very unlikely!
> > > configure my Apache/SSL server to support only 40-bit DES or no
> > > encryption at all if I want to. I'm glad to have the choice. The
> > And so is the GCHQ
> And in some countries (like the US for instance), whatever is the
> local equivalent of the GCHQ has enough power to mandate their wishes,
You mean the NSA I assume.
> and so the options are: use no crypto, use weak crypto, or go to jail.
> Weak crypto may be the best of those three choices.
This isn't true: you can use any crypto you want in the US. You don't go
to jail for using strong encryption. There has never been such a law.
sam at samsimpson.com
Mob: +44 (0) 7866 726060
Home Office: +44 (0) 1438 229390
Fax: +44 (0) 1438 726069
More information about the Gnupg-devel