Hi Mike,

Firstly I would point out that I don't know the actual algorithms for most of
the methods we are discussing, so if a comment seems a bit off hand - well, it
probably is. ;)

Mike Sheldon wrote:
> 
> IDEA has been shown to have some weak keys. However, the odds of you
> actually choosing such a key are nearly non-existent (The weak keys fall
> into a certain pattern which doesn't fit any normal password.) The odds of
> choosing one randomly are 1 in 2^96. There is also an XOR value that can be
> run against keys that will completely eliminate the possibility of producing
> a weak key.

But if some weak keys can be shown to exist, can we be sure that there isn't a
whole new class of weak keys that are so far undiscovered? If an algorithm has
weak keys which are an obvious by-product of the mathematical description, and
can be easily avoided, that is one thing, but unpredictably weak keys could be
disastrous.

> RC5 is relatively untested at this point, and is therefore of unknown
> security. Also, RSA has applied for patent on RC5, so it's not available for
> use without license. (This will also likely discourage further attempts to
> test it by the experts.)

I've seen a document on both linear and differential attacks on RC5, and it
seemed fairly convincing. It seems that out of the three operations involved
(addition, xor and rotation), two of them have incompatible linear analysis
techniques, and a different two of them have incompatible differential formulae.
So far distributed.net seems to be chugging along at about as slow a rate as one
would expect.

On the other hand, I'm not so keen on the whole licensing thing... ;)

> Using a block cipher in place of a stream cipher does not make it a stream
> cipher. :) It's still a block cipher. The lesson here is that unless you are
> dealing with "continual real-time transmission" of data, stream ciphers are
> not called for. (Even many transmission situations do not call for stream
> ciphers, i.e. SSL and IPsec, which use block ciphers.)

When you are talking about stream ciphers, are you thinking bit streams? In that
case... well, the start of the message seems almost doomed to be easy to crack
because there's an insufficient number of message combinations if you can only
take historical parts of the data into account.

> Undoubtedly, my favorite is Blowfish. I've used it, it performs very well,
> source-code is readily available (www.counterpane.com), there is no known
> cryptanalysis against non-reduced-round Blowfish, and there are no licensing
> issues.
> 
> Note that 16-round Blowfish (standard) is more than twice as fast as
> 16-round RC5, and 20-round Blowfish is still almost twice as fast. In order
> to beat 20-round Blowfish, you would have to drop to 8 rounds of RC5. (RC5
> is a real dog, though not as slow as DES.) Note that Twofish is slightly
> faster than Blowfish, even though it has a 128 bit block size vs. the 64 bit
> block size of Blowfish and RC5.

I'm actually surprised that Blowfish is faster, because the RC5 inner loop is
pretty damn simple. Is there a site about the algorithm anywhere that you know
of? Incidentally, RC5 _is_ expandable to whatever block size you like. Does the
same apply to Blowfish?

> Some more info on Twofish:
> 
> Twofish is from the same people who brought you Blowfish. (Bet you'd never
> have guessed!) It is their submission for the Advanced Encryption Standard
> (AES) which will replace DES. Currently, it is one of five finalists from an
> original group of fifteen. It is unpatented, source code is uncopyrighted,
> and is available for use without license. (Code can be downloaded from
> www.counterpane.com.) It's also one of the most tested algorithms out there,
> since the competition is banging on it to try to prove it unsuitable, in
> favor of their own algorithms.

Thanks for the info, I don't have time to keep track of developments in the
encryption field these days... ;)

David
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk