The ANSI X9.17 is available from ANSI (or, try your public library!). It was first published in 1985. It was re-affirmed without modification in 1991. In 1995, it was updated, but the changes have no bearing on the story; the flaw remains.
FIPS-171, published in 1992, contains recommendations for using X9.17. FIPS-171 is based on X9.17-1985. It is interesting to note that FIPS-171 recommends X9.17 for all government key exchange, including exchanges where the unsatisfied requirements are an issue:
- A data key or key-encrypting key shared between a communicating pair shall not be disclosed to a third party.
- A data key shared between a communicating pair shall be secured from third party usage.
- The compromise of any key shared between any communicating pair shall not compromise and third party.
- Key security and integrity shall be ensured.
One can argue that the loss of these requirements is not of great concern in a closed banking network, where all participants (banks) have a substantial level of trust, but for all government applications…?
FIPS-171 is available at the NIST site: http://csrc.nist.gov/fips/ (Page is no longer available and FIPS-171 retired. For current FIPS see http://csrc.nist.gov/publications/PubsFIPS.html this link was updated 2017-01-17)
X9.17 is commonly used in encrypting hardware such as modems and routers. It is one of the most commonly used symmetric-key key-exchange protocols.
X9.17 has become a bit dated. Public-key cryptography has emerged as an attractive tool for key exchange. Nonetheless, X9.17 is still commonly used, and there are no indications that the American Bankers Association (ABA) plans to switch over to a public-key protocol for Financial Institution Key Management any time in the near future.