Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site utcsri.UUCP
Path: utzoo!utcsri!carroll
From: carroll@utcsri.UUCP (Eric Carroll)
Newsgroups: net.crypt
Subject: Re: DES certification
Message-ID: <1270@utcsri.UUCP>
Date: Thu, 18-Jul-85 19:54:23 EDT
Article-I.D.: utcsri.1270
Posted: Thu Jul 18 19:54:23 1985
Date-Received: Thu, 18-Jul-85 20:42:24 EDT
References: <9028@ucbvax.ARPA> <3154@cornell.UUCP> <405@petrus.UUCP>
Reply-To: carroll@utcsri.UUCP (Eric Carroll)
Organization: CSRI, University of Toronto
Lines: 18
Keywords: DES, electronic surveillance
Summary: Nasty Russians are listening.

In article <405@petrus.UUCP> karn@petrus.UUCP (Phil R. Karn) writes:
> 1. To formally adhere to DES (i.e., to gain a certification from NBS), you
> have to implement the algorithm in hardware on a special-purpose chip.
> General purpose computer software implementations are not certifiable.  I've
> never understood this requirement...
>
> Phil

    One reason for this is that it is currently possible to monitor the
electromagnetic 'noise' the machine emits, and analyze that to discover
some of what the machine is doing. Another reason is that software
can be changed; if I have access to a system with a software implementation
of DES, I could conceivably hack it to log all the attempts at encryption
into a local file, or out to the phone line. Both compromise the
whole idea of an encryption, namely that, in the ideal case, no-one but
myself and the sender can read the message. The US DoD has very strict
rules on the shielding requirments of machine rooms that house computers
with access to top secret information.