Re: Announcing E v0.7.2 (javadoc & zips still missing) Jim McCoy (mccoy@yahoo-inc.com)
Mon, 23 Nov 1998 13:25:04 -0800

Bill wrote:
>The current version at EC supports three modes of crypto:
>
>(1) NONE has no data privacy.
>
>(2) BLOWFISH56 uses 56 bit Blowfish for data privacy and protecting the
>Swiss numbers. This is the data privacy mode we think we may be able to
>get thru the Commerce Department. The Swiss number hole is less gaping,
>but it is still weak.

I am curious regarding who at EC thinks that 56bit security offers any more protection than, for example, 40bit RC4 used in weak SSL? Why don't you just use the 40-bit, easily broken, known insecure cipher rather than pretending that a minor variant somehow offers an advantage? At least if the cipher chosen was one which the whole world knew was a joke for privacy there would be no one who would mistakenly assume that BLOWFISH56 somehow gave them data privacy. There is one simple test for any cipher which I (and many others among the crypto-clued who will be asked to give our opinions regarding the "security" of such a system) would like to introduce EC to:

If the U.S. Commerce Department will approve it for export, it is not strong encryption.

It is that simple. This is weak encryption trying to masquerade as strong encryption. The use of Blowfish leads some to think that the system is secure up until the point where you casually mention the joke of a keylength.

>The pecking order
>is 3DES first, Blowfish56 second, and NONE last. During connection setup,
>the suite that both ends support which is highest in the pecking order is
>selected.

And do I, as a user, have the easy ability to tell my system that there is only one pecking order: 3DES or else refuse the connection? If there is going to be any sort of security claims made, this is a very important feature.

jim