Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Happened to IDEA?

Posted by Cliff on from the but-should-it-have-been-a-slashback? dept.

insomniac asks: "Recently we decided to purchase a Cryptographic Service Provider to plug into the infamous JCA. On their Web site they have links to information regarding the various patents for crypto algorithms. One of them is IDEA. They link to the Web site of the owners of the patent. However, the company was bought out recently by Entrust. I've had no response from them regarding the status of the IDEA patent, and further searching has shown up a surprising lack of info on IDEA's current status. I also noticed the recent Ask Slashdot on choosing encryption algorithms contained very little regarding this algorithm. So what happened? Has the patent forced it out of circulation? Or did someone discover a serious vulnerability?"

1 of 4 comments (clear)

  1. IDEA by rjh · · Score: 5

    IRL, I'm a full-time PGP hacker for PGP (part of Network Associates)--so keep in mind that my perspective may be biased by my employment. (And as always, I am not speaking for my employer, and this post does not constitute professional advice.)

    Basically, it proved vulnerable to some esoteric attacks. It's no longer as strong as was once thought; while it's still secure, 4.5 rounds have been broken (last I heard--considering how quickly the field moves, it might be more now.)

    Between its small security margin, its rather slow operation speed and the obnoxious patent (obnoxious both in terms of cost, and in terms of how difficult Ascom-Tech A.G.--and now apparently Entrust, too--made it to obtain one), people have just decided to use other ciphers.

    IDEA's big selling point for the longest time was that it was the only trusted replacement for DES (barring 3DES, of course). Since we now have literally dozens of trusted replacements for DES, why bother with IDEA? Blowfish is well-trusted and pretty snappy in its operation; I'm not as fond of CAST as others are, but it's held up rather well (well enough to have been a strong AES contender).

    When we have ciphers which are faster, less patent-encumbered and offer a larger security margin than IDEA, why should we continue to use IDEA? :)