Re: DMSII Encryption - does it exist?

Stephen Fuld wrote:


"Andy Mountford" <andrew.mountford@xxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:d270821eg5un0r50a775tcrot73ka4gvmj@xxxxxxxxxx
On Wed, 31 May 2006 16:47:58 -0500, Bubba <Bubba@xxxxxxxxx> wrote:

snip

I'm sorry but what is TEA?

I want to write an application (LINCII or COBOL) to maintain credit card
numbers. PCI standards dictate that the data should be encrypted and all
accesses/updates logged. Access will be very low volume so latency is not
an issue but simplicity is. We are a small shop and have limited
technical expertise.

Thanks,

Bill

TEA = Tiny Encryption Algorithm

Freely available algorithm that offers reasonable (not impregnable)
encryption and is (relatively) easy to implement.

I was unaware of TEA, so thanks for pointing it out. I did some research
and it is an interesting solution. It looks reasonably secure, but not as
secure as the "approved" standards, DES and AES, though TEA is certainly
easier to implement than eithor of these. In thinking about this, I came
up with a few questions for all of you A series guys out there.

1. Isn't there an implementation of DES that is used for the encryption
required for bank ATMs? Is this part of an application and not easily
portable or could it be easily used? If key length is a wory, then TDES
more than solves the problem. Of course, DES, but its nature and design
would be pretty slow, but has the advantag of lots of cryptographic effort
over many years with little progress.

2. There are several public domain implementations of AES (the DES
replacement, designed for efficient software implementation), readily
available although written in C. Isn' there a C compiler for A series?
Is it reasonable to mix a subroutine written in C with a main program in
another language? I an sure it could be converted to Algol with some
effort (it is typically several hundred lines of code, but C seems pretty
Algol-like for simple stuff so it seems pretty doable. I read one site
that claimed that AES was faster than TEA because, though each TEA round
is
simpler than each AES round, fewer AES rounds are required. Of course,
this may not be true on a particular architecture - or, given the web, may
not be
true at all :-(


Hello Stephen,

By what measure is it less secure than DES, AES? The original TEA algorithm
had a slight weakness in that the effective key length was reduced by 1
bit. but this is fixed in XTEA, which is what was implemented in this case.

Re 1) ATM's are not (in my experience) directly connected to a Unisys
mainframe, rather they go via a Tandem or Solaris host which handles this
and other things.

Re 2) It is not a matter of language. The problem lies in the internal
representations. All these algorithms are aimed at 32 bit, 2s-compliment
arithmetics. Handling this on MCP systems which provide 48 bit,
sign-separate is painfull. BTW debugging this stuff is horrible. TEA is
essentially a single C statement, but it took me close to 2 days to
correctly implement this. (OK, I'm rusty, but not that much). I wouldn't
volunteer to convert hundreds of lines of DES, etc.

I would think that the Unisys microcode and algol compiler could be extended
in an un-intrusive way to help with this. A new variable type, maybe.

On an NX68 the bank could encrypt and decrypt 400 pins per second. Not good,
but perfectly adequate. This included the database access.

Regards,



--
_______________________________
Pete Mullins
.

Relevant Pages

  • Re: DMSII Encryption - does it exist?
    ... encryption and is easy to implement. ... I was unaware of TEA, so thanks for pointing it out. ... Isn't there an implementation of DES that is used for the ... There are several public domain implementations of AES (the DES ...
    (comp.sys.unisys)
  • Re: DMSII Encryption - does it exist?
    ... encryption and is easy to implement. ... I was unaware of TEA, so thanks for pointing it out. ... Isn't there an implementation of DES that is used for the encryption ... There are several public domain implementations of AES (the DES ...
    (comp.sys.unisys)
  • Re: Can encryrpted packets be cracked by middle man?
    ... not need to crack it, you may just need to capture it and reuse it. ... with AES and sends that on the wire, I don't need to crack AES, as I have ... >> but good 128-bit encryption is far from trivial to break. ... What is the chance that someone could use the "DES Cracker"-like ...
    (microsoft.public.win2000.security)
  • Re: DES and 3DES
    ... Initially DES was developed by IBM and used the Lucifier algorithm ... > bit) key and was called Data Encryption Algorithm. ... DES and 3DES are being replaced with the Advanced Encryption Standard ... AES or any of the other four AES finalists. ...
    (comp.security.misc)
  • Re: DES and 3DES
    ... Initially DES was developed by IBM and used the Lucifier algorithm ... > bit) key and was called Data Encryption Algorithm. ... DES and 3DES are being replaced with the Advanced Encryption Standard ... AES or any of the other four AES finalists. ...
    (sci.math)