Re: DES <weak> key list?

Bill Sommerfeld <sommerfeld@apollo.hp.com> Wed, 10 September 1997 18:15 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id OAA07516 for ipsec-outgoing; Wed, 10 Sep 1997 14:15:59 -0400 (EDT)
Message-Id: <199709101825.OAA02966@thunk.ch.apollo.hp.com>
X-Authentication-Warning: thunk.ch.apollo.hp.com: sommerfeld owned process doing -bs
To: Steven Bellovin <smb@research.att.com>
Cc: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>, ipsec@tis.com
Subject: Re: DES <weak> key list?
In-Reply-To: smb's message of Wed, 10 Sep 1997 10:37:17 -0400. <199709101437.KAA09123@postal.research.att.com>
Date: Wed, 10 Sep 1997 14:24:59 -0400
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

> I confess that I'm not worried about the possibility of a weak key being
> chosen at random.  

Indeed, from a pure software engineering perspective, I'm more
concerned about the reliability of code for weak key avoidance which
*could*, but probably won't ever be run in production.

How the heck are you going to tweak implementations such that you can
actually *test* the interoperability of the recovery-from-weak-key
code paths??

						- Bill