Re: DES <weak> key list?

Bill Sommerfeld <> Wed, 10 September 1997 18:15 UTC

Received: (from majordom@localhost) by (8.8.2/8.8.2) id OAA07516 for ipsec-outgoing; Wed, 10 Sep 1997 14:15:59 -0400 (EDT)
Message-Id: <>
X-Authentication-Warning: sommerfeld owned process doing -bs
To: Steven Bellovin <>
Cc: "Michael C. Richardson" <>,
Subject: Re: DES <weak> key list?
In-Reply-To: smb's message of Wed, 10 Sep 1997 10:37:17 -0400. <>
Date: Wed, 10 Sep 1997 14:24:59 -0400
From: Bill Sommerfeld <>
Precedence: bulk

> I confess that I'm not worried about the possibility of a weak key being
> chosen at random.  

Indeed, from a pure software engineering perspective, I'm more
concerned about the reliability of code for weak key avoidance which
*could*, but probably won't ever be run in production.

How the heck are you going to tweak implementations such that you can
actually *test* the interoperability of the recovery-from-weak-key
code paths??

						- Bill