Full Disclosure mailing list archives

Re: RE: [ISN] DARPA pulls OpenBSD funding


From: yossarian <yossarian () planet nl>
Date: Sun, 20 Apr 2003 17:05:22 +0200

is getting really hard. Anyway, underneath it is probably US anyway.
Another customer decided to get rid of American crypto software, since he
is afraid of economic espionage by No such 'n such Agency, helping his
US-based competitors. The Brussels incident didn't really help here. These
politically

So, what does he use for UNIX password encryption; MD5 (Ron Rivest, USA)
or Blowfish (Bruce Schneier, USA)?  For PGP hashes?

IDEA is Russian, and the password hashes are not obvious to him, so no issue
yet. But moving to IDEA is a distinct possibility - the PGP used already is
IDEA, but also MD5. Vis-à-vis Blowfish - having to decide on what block
cipher is interesting; we are to move to AES - Belgian, made by these very
friendly people in Leuven. The fact that the US adopted it does not make it
US. Belgium being a strong opposer to Bush's politics makes it a very good
possibility. Will look into these people's other work as well, SHARK and
SQUARE.

- but ah, implementations... any cryptosystem out there uses a combination
of ciphers for its various roles, so going around MD5 or SHA will be harder,
SHA being NIST stuff. But I need a MAC.

It's a little difficult to completely avoid US products in the
encryption field.  And if your response is along the lines of "Open
Source, can't hide anything", I'll save time and summarize my rebuttal
now; DES, Differential Cryptanalysis, NSA, 20 years.

DES was built when the Lucifer project was partly manned by them; all they
did was withhold the weakness found for 12 years. And no, I am not an open
source kind of person, but I feel it is being forced on me by circumstances.

