BATON key size

edit

The article currently reads:

BATON has a 128-bit block size and a 160-bit key. 160 bits of the key are checksum material; they doesn't affect the security of the algorithm itself but rather prevent unauthorized keys from being loaded if a BATON device ends up in the hands of an adversary.

This is certainly wrong. Probably what is meant is "16 of the bits..." but I have no information to verify this claim. Andrew 21:51, Nov 13, 2004 (UTC)

Off the top of my head, I half-remember reading that it was 320 bits, of which 160 bits were some sort of checksum, leaving 160 bits as the size of the key space. But, as we (hopefully) aren't writing articles based on half-rememberances, I'll try and dig up an actual source soon! — Matt 23:10, 14 Nov 2004 (UTC)

Used broadly?

edit

Since late 2004, the lead sentence has claimed that this cipher is "used broadly throughout the United States government to secure all types of classified information". That may have been true in 2004, but is it still so today? One would expect it to be superseded by AES, at least for civilian applications that don't rely on algorithmic obscurity. –Henning Makholm 15:45, 26 May 2007 (UTC)Reply

Yeah, or at least, I think it would be good to get some reliable sources for this sort of stuff. — Matt Crypto 16:45, 26 May 2007 (UTC)Reply

Fascinating

edit

Just want to say that this stuff is freaking fascinating. Probably more so than it would be if the whole spec were public. :) 67.119.195.43 (talk) 19:23, 21 January 2009 (UTC)Reply

Sources for some deleted material

edit

"BATON has a 96- or 128-bit block size" was deleted as unsourced, but the public PKCS#11 standard specifies BATON-ECB96 and BATON-ECB128 modes. "Like other NSA ciphers, including JUNIPER" was also deleted as unsourced, but JUNIPER-SHUFFLE is in PKCS#11, and the glossary at the end of the standard defines JUNIPER as a MISSI block cipher, like BATON. —Preceding unsigned comment added by 24.7.68.35 (talk) 04:25, 3 June 2009 (UTC)Reply