[email protected] (Todd Arnold) writes: > IBM had three channel-attached crypto units for the mainframes. > > 1977 – IBM 3845 DES encryption unit > > 1979 – IBM 3848 DES encryption unit - faster than the 3845, and added > Triple-DES > (yes, IBM already had Triple-DES in its products in 1979!) > > 1989 – IBM Transaction Security System (TSS) which included the 4753. > The 4753 was the first product to offer the CCA architecture, and it > is the ancestor of all of the other crypto processors such as the > Crypto Express cards.
in part to be used with IBM ATM machines http://en.wikipedia.org/wiki/IBM_3624 in conjunction with PIN processing and authorizing financial transactions http://en.wikipedia.org/wiki/Personal_identification_number 3624 pin processing had a weakness that could be exploited by an attacker if they had access to the banks computers discussed in more detail here (also referencing ibm 4758) http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-560.pdf disclaimer ... even tho I was in research at the time, I also had offices and labs in the Los Gatos lab ... mentioned in the 3624 wiki reference ... which also references one of my old postings from 2004. recent ibm reference http://publib.boulder.ibm.com/infocenter/zos/v1r11/index.jsp?topic=/com.ibm.zos.r11.csfb300/pinkeys.htm in the mid-80s, I was involved in doing another kind of twist on DES ... and the product crypto group (responsible for those IBM mainframe DES units) complained that I had seriously weakened DES ... however, after spending 3months in debate ... finally convinced them it was significantly stronger than standard DES (instead of weaker) ... it was hollow victory ... finding out that (at the time) there were 3-kinds of crypto: 1) the kind they don't care about, 2) the kind you can't do, 3) the kind you can only do for them (aka I was told I could build as many boards as I wanted ... but there was only one customer that they could be sold to). I was doing this HSDT effort ... some past posts http://www.garlic.com/~lynn/subnetwork.html#hsdt and spending arm&leg on T1 full-duplex DES crypto units (about 300kbyte/sec aggregate). I wanted a board that could do sustained channel speed DES crypto (ten times faster), being able to even change key on every packet (traditional DES chips tended to have high latency on key change) and cost less than $100. old email mentioning that software standard DES ran at 150kbytes/sec on 3081 processor ... aka both 3081k processors would be required to support full-duplex T1 (150kbytes/sec concurrent in each direction) http://www.garlic.com/~lynn/2006n.html#email841115 -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
