OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Classified Crypto
From: Peter Gutmann (pgut001cs.auckland.ac.nz)
Date: Wed Oct 04 2000 - 07:52:50 CDT

John Young <jyapipeline.com> writes:

>NSA has at least three levels of strength for categorizing encryption
>algorithms, Types 1, 2 and 3, with 1 the strongest.
>
>Type1 examples: BATON, JUNIPER, MAYFLY, CRAYON

There are lots and lots of these things, however only the key and block sizes
are generally known. For example Baton and Juniper which you mention above are
128-bit block ciphers with 320-bit keys of which 160 bits are checksum bits
(leading to the suspicion that SHA-1 or something similar is involved in the
key creation process), it also means that, Capstone-like, you can't load an
unapproved key if you manage to lay your hands on the hardware in some manner.
Other algorithms in this class are Accordion and Saville (possibly PKC's),
Keesee and Phalanx (block ciphers from memory, I'd have to go and check the
details) and an endless array of stream ciphers. To add to the confusion there
are groups of names following the same pattern which describe complete crypto
modules rather than algorithms with the algorithms used being classified,
examples are Windster, Tepache, and Foresee. The really interesting stuff
though is the technology used to protect the crypto modules, which is called
Quadrant (cf Tempest for EMI security). Unfortunately the people who work in
this area aren't likely to be presenting papers on it at NISSC, I'm not
terribly interested in the algorithms (there are already plenty of those around
in the non-classified world) but I'd be really curious as to whether they have
any cool tamper-resistance tricks which noone else has thought of yet.

Peter.