FYI: RISKS DIGEST 14.62

[Dave Farber <farber@central.cis.upenn.edu>]

------ Forwarded Message

Date: Sun, 16 May 1993 11:30:25 EST
From: Marc Rotenberg <Marc_Rotenberg@washofc.cpsr.org>
Subject: Re: Denning on NIST/NSA Revelations (Sobel, RISKS-14.59)

David Sobel, CPSR Legal Council, wrote in RISKS DIGEST 14.59:
>> 	The proposed DSS was widely criticized within the computer
>>      industry for its perceived weak security and inferiority to an
>>	existing authentication technology known as the RSA algorithm.
>>	Many observers have speculated that the RSA technique was
>>	disfavored by NSA because it was, in fact, more secure than the
>>	NSA-proposed algorithm and because the RSA technique could also
>>	be used to encrypt data very securely.

Dorothy Denning responded in RISKS Digest 4.60
> This is terribly misleading. NIST issued the DSS proposal along with a
> public call for comments as part of their normal practice with proposed
> standards.  The community responded, and NIST promptly addressed the 
> security concerns.  Among other things, the DSS now accommodates longer 
> keys (up to 1024 bits).  As a result of the revisions, the DSS is now 
> considered to be just as strong as RSA.

Denning has to be kidding.  The comments on the proposed DSS were uniformly
critical.  Both Marty Hellman and Ron Rivest questioned the desirability of
the proposed standard.

One of the reasons for the concern was the secrecy surrounding the development
of the standard.  The documents disclosed by NIST and NSA to CPSR make clear
that NSA used its classification authority to frustrate the attempt of even
NIST's scientists to assess the candidate algorithm.

This is not part of "normal practice."  In fact, NSA's efforts to blindfold
NIST and the secrecy surrounding the process violated the central intent of
the Computer Security Act, the very law that governs the relationship between
NIST and NSA.

Marc Rotenberg, CPSR Washington office
------ End of Forwarded Message