FYI: AES patch

Gregor Longariva
Fri, 13 Oct 2000 13:25:33 +0200

On Thu, Oct 12, 2000 at 07:42:40PM +0200, Johan Wevers wrote:

> Vergonet, Henk wrote:
> > But I agree with Werner:
> > It's likely the NSA have already found a backdoor in the
> > algorithm, this is probably why the NIST has selected it ;).
> When did Werner say this?
I can not imagine Werner did really said this ;-) Werner, am I wrong?
> BTW, not that I trust the NSA, but doesn't selecting a weak cipher also give
> certauin risks to themselves when someone else can also bvreak it? And
> didn't they actually make the original IBM DES design stronger by optimizing
> it against differential cryptanalyses in a time when this technique wasn't
> known in the civilian crypto world?
In fact nobody knows if they really did. IBM proposed DES to NBS/NIST for the requested Public Cipher Algorithm. NSA (at that time the Agency did not publicly admit their own existence) checked the algorithm and changed the S-Boxes. This was the only thing done by NSA (officially to assure IBM did not put any trapdoor in DES - some people pointed to this as evidence NSA put themselve a trapdoor in DES. But no cryptoanalysis did ever prove this theory). Tuchman and Meyer, two of the cryptographers at IBM who designed DES, said NSA did not alter the design: "NSA did not dictate a single wire" -- Gruesse Gregor -+-+-+- All true wisdom is found on T-shirts. -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to