Date: 3 Oct 2000 06:15:09 -0400 Message-ID: <20001003101509.16076.qmail@xuxa.iecc.com> From: owner-telecom-digest@telecom-digest.org (Telecom Digest) To: telecom-digest@telecom-digest.org Subject: Telecom Digest V2000 #75 Reply-To: editor@telecom-digest.org Sender: owner-telecom-digest@telecom-digest.org Errors-To: owner-telecom-digest@telecom-digest.org Precedence: bulk X-UIDL: a87159903a7ba46ecc1ccb4774c605d7 Status: RO X-Status: Telecom Digest Tuesday, October 3 2000 Volume 2000 : Number 075 In this issue: Commerce Department Announces Winner of Global Information Security Competition Re: Carnivore Review Team Exposed! ---------------------------------------------------------------------- Date: 2 Oct 2000 21:49:00 -0400 From: Monty Solomon Subject: Commerce Department Announces Winner of Global Information Security Competition http://www.nist.gov/public_affairs/releases/g00-176.htm Commerce Department Announces Winner of Global Information Security Competition * News Release * AES: Questions and Answers * Comments About the AES from Industry and Government Executives * Statement from Rijndael Developers * Biography of Rijndael Developer Joan Daemen * Biography of Rijndael Developer Vincent Rijmen * Remarks at AES Press Conference by Dr. Cheryl Shavers, Under Secretary of Commerce for Technology * Remarks at AES Press Conference by Ray Kammer, NIST Director * Go to the AES web site Commerce Department Announces Winner of Global Information Security Competition FOR IMMEDIATE RELEASE: Oct. 2, 2000 Contact: Philip Bulman (301) 975-5661 G 2000-176 A worldwide competition to develop a new encryption technique that can be used to protect computerized information ended today when Secretary of Commerce Norman Y. Mineta announced the nation's proposed new Advanced Encryption Standard. Mineta named the Rijndael (pronounced Rhine-doll) data encryption formula as the winner of a three-year competition involving some of the world's leading cryptographers. "Once final, this standard will serve as a critical computer security tool supporting the rapid growth of electronic commerce," Mineta said. "This is a very significant step toward creating a more secure digital economy. It will allow e-commerce and e-government to flourish safely, creating new opportunities for all Americans," he said. Computer scientists at the National Institute of Standards and Technology, an agency of the Commerce Department's Technology Administration, organized the international competition in a drive to develop a strong information encryption formula to protect sensitive information in federal computer systems. Many businesses are expected to use the AES as well. The proposed selection of Rijndael as the AES will be formally announced in the Federal Register in several months, and NIST then will receive public comments on the draft Federal Information Processing Standard for 90 days. Researchers from 12 different countries worked on developing advanced encoding methods during the global competition. NIST invited the worldwide cryptographic community to "attack" the encryption formulas in an effort to break the codes. After narrowing the field down from 15 formulas to five, NIST invited cryptographers to intensify their attacks on the finalists. The agency and the world cryptographic community also evaluated the encoding formulas for factors such as security, speed and versatility. The Rijndael developers are Belgian cryptographers Joan Daemen (pronounced Yo'-ahn Dah'-mun) of Proton World International and Vincent Rijmen (pronounced Rye'-mun) of Katholieke Universiteit Leuven. Both are highly regarded experts within the international cryptographic community. NIST organized and managed the competition with considerable private-sector cooperation. The competing AES candidates were sophisticated mathematical formulas called algorithms. Algorithms are at the heart of computerized encryption systems, which encode everything from electronic mail to the secret personal identification numbers, or PINs, that people use with bank teller machines. When approved, the AES will be a public algorithm designed to protect sensitive government information well into the 21st century. It will replace the aging Data Encryption Standard, which NIST adopted in 1977 as a Federal Information Processing Standard used by federal agencies to protect sensitive, unclassified information. DES and a variant called Triple DES are used widely in the private sector as well, especially in the financial services industry. The effort to establish the AES reflects the dramatic transformation that cryptography has undergone in recent years. Just a few decades ago the science of cryptography was an esoteric endeavor employed primarily by governments to protect state and military secrets. Today, millions of Americans use cryptography, often without knowing it. Most people who use automated teller machines have used cryptography because the secret PINs required by the machines are encrypted before being sent to a computer that makes sure the number matches the card. Others use information encryption when they make a purchase over the Internet. Their credit card numbers are encrypted when they place an order. Hundreds of encryption products currently employ DES or Triple DES, and such systems have become almost ubiquitous in the financial services industry. Consequently, the selection of the AES may affect millions of consumers and businesses. NIST requested proposals for the AES on Sept. 12, 1997, and a variety of organizations around the world responded with enthusiasm. Each of the candidate algorithms was required to support key sizes of 128, 192 and 256 bits. For a 128-bit key size, there are approximately 340,000,000,000,000,000,000,000,000,000,000, 000,000 (340 followed by 36 zeros) possible keys. NIST evaluated the candidate algorithms and received invaluable assistance from cryptographers at computer security companies and universities around the world. Good security was the primary quality required of the winning formula, but factors such as speed and versatility across a variety of computer platforms also were considered. In other words, the algorithms must be able to run securely and efficiently on large computers, desktop computers and even small devices such as smart cards. NIST and leading cryptographers from around the world found that all five finalist algorithms had a very high degree of security. Rijndael was selected because it had the best combination of security, performance, efficiency, implementability and flexibility. The AES competition was organized by computer scientists in NIST's Information Technology Laboratory. A lengthy technical analysis of the AES candidates is being posted on NIST's web site today at www.nist.gov/aes. After the public comment period, NIST will revise the proposed standard-if appropriate-and submit it to the Secretary of Commerce for adoption as an official federal standard. This process is expected to be complete by the spring of 2001. Press contacts for the Rijndael team: Joan Daemen Tel: +32 2 724 55 08, Fax: +32 2 727 62 50 daemen.j@pwi.be Vincent Rijmen Tel: +32 16 32 18 62, Fax: +32 16 32 19 86 vincent.rijmen@esat.kuleuven.ac.be As a non-regulatory agency of the U.S. Department of Commerce's Technology Administration, NIST strengthens the U.S. economy and improves the quality of life by working with industry to develop and apply technology, measurements and standards through four partnerships: the Measurement and Standards Laboratories, the Advanced Technology Program, the Manufacturing Extension Partnership and the Baldrige National Quality Program. - - 30 - For more information about NIST, see our web site at www.ta.nist.gov. - -- The Telecom Digest is currently robomoderated. Please mail messages to editor@telecom-digest.org. ------------------------------ Date: 3 Oct 2000 01:13:01 -0400 From: "Michael D. Sullivan" Subject: Re: Carnivore Review Team Exposed! The yahoo.com address was supplied by the FBI in written materials, and confirmed by telephone with the FBI staff responsible for processing CALEA implementation plans, after folks at my law firm were just a bit incredulous. We got written confirmations from the FBI for the filings submitted via yahoo.com, identical to those received for hand-delivered filings. STRANGE BUT TRUE. - -- Michael D. Sullivan avogadro@bellatlantic.net Bethesda, MD, USA "John McHarry" wrote in message news:qbedts4rkrhgahqp219defd69ks9d3odrt@4ax.com... > On 29 Sep 2000 03:46:24 -0400, "Michael D. Sullivan" > wrote: > > .... > >This FBI ineptness with regard to privacy and security isn't surprising. > >When the FBI "invited" telecom carriers to reveal highly sensitive > >information regarding their switches, etc., in connection with CALEA > >compliance earlier this year, the Feds asked that the information be emailed > >to a free account at yahoo.com. Believe it or not, it's true. > > Well, _somebody_ may have "invited" them. I doubt the FBI uses > Yahoo accounts for something like that. > -- > The Telecom Digest is currently robomoderated. Please mail > messages to editor@telecom-digest.org. - -- The Telecom Digest is currently robomoderated. Please mail messages to editor@telecom-digest.org. ------------------------------ End of Telecom Digest V2000 #75 *******************************