# [HARDWARE] ongoing work

Melvin Ming-Che Tsai tsaimelv at pilot.msu.edu
Wed Apr 28 00:15:07 EDT 1999

```
> I'm sending this to the rc5 list, since it's not actually hardware
> specific, and I figure some others may be interested....
>
>
> On Tue, 27 Apr 1999, Robert Norton wrote:
>
>
> > Still, I had an idea somewhat along those lines.  If RC5 is a giant
> > mix master of the bits, it does so by going along many steps of
> > blending.  If you could run backwards from the final one step, and
> > still know some of the bits, say maybe 20 of the 64, then you could
> > do an encoding pass up to just before the last step, and check only
> > those 20 bits that are known.
>
> Interesting.  Since it's one way encryption, you can't actually decrypt
> it, but I could definitely believe there's a possibility that, going
> backwards through the algorithm, you could generate some probabilities.
> Figure out which keys would be most likely to be correct....
>

If you study the last few steps of the algorithm it becomes painfully obvious
that this can't work :(...  What happens in the algorithm is that you can
determine a few of the bits from the last step ONLY if you knew the result of
the step before it.  And, trying to guess the result of the step before it is
more difficult than guessing the original key (you must guess at a 128 bit
value which is a lot more difficult than guessing the original 64 bit key).  I
spent hours trying to figure out a way to possibly gain some sort of advantage
by backstepping through the algorithm, and I couldn't do squat.  Neither has
anyone else, for that matter :(.

There is, however, a point in the algorithm where you know some intermediate
values, but it doesn't help you much.  The bovine client incorporated this trick
a while ago; it increases cracking speed by about 2 or 3%, which is basically
negligible.

-Mel
```
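The dependency described in the message above, as an added example that is not part of the original post or of any distributed.net client: undoing RC5's final half-round from the ciphertext needs the last subkey word S[25], which the key schedule derives from every key byte. It assumes the RC5-32/12/8 parameters (64-bit key); the key, the plaintext block and the helper name `undo_last_half` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define RC5_R 12                  /* rounds */
#define RC5_T (2 * (RC5_R + 1))   /* 26 subkey words */
#define ROTL(x, n) (((x) << ((n) & 31)) | ((x) >> ((32 - ((n) & 31)) & 31)))
#define ROTR(x, n) (((x) >> ((n) & 31)) | ((x) << ((32 - ((n) & 31)) & 31)))

/* Standard RC5 key schedule for an 8-byte key: three mixing passes over S,
 * so every S[i] ends up depending on all key bytes. */
void rc5_setup(const uint8_t K[8], uint32_t S[RC5_T]) {
    uint32_t L[2] = {0, 0}, A = 0, B = 0;
    int i, j, k;
    for (i = 7; i >= 0; i--) L[i / 4] = (L[i / 4] << 8) + K[i];
    S[0] = 0xB7E15163u;
    for (i = 1; i < RC5_T; i++) S[i] = S[i - 1] + 0x9E3779B9u;
    for (i = j = k = 0; k < 3 * RC5_T; k++, i = (i + 1) % RC5_T, j = (j + 1) % 2) {
        A = S[i] = ROTL(S[i] + A + B, 3);
        B = L[j] = ROTL(L[j] + A + B, A + B);
    }
}

/* Encrypt one block; *b_prev receives B as it was just before the final half-round. */
void rc5_encrypt(const uint32_t S[RC5_T], const uint32_t pt[2],
                 uint32_t ct[2], uint32_t *b_prev) {
    uint32_t A = pt[0] + S[0], B = pt[1] + S[1];
    for (int i = 1; i <= RC5_R; i++) {
        A = ROTL(A ^ B, B) + S[2 * i];
        if (i == RC5_R) *b_prev = B;       /* state an attacker would like to learn */
        B = ROTL(B ^ A, A) + S[2 * i + 1];
    }
    ct[0] = A; ct[1] = B;
}

/* Undo the final half-round from the ciphertext alone, given a guess for S[25].
 * ct[0] (the final A) is known; the guess is the 32-bit unknown. */
uint32_t undo_last_half(const uint32_t ct[2], uint32_t s25_guess) {
    return ROTR(ct[1] - s25_guess, ct[0]) ^ ct[0];
}

int main(void) {
    const uint8_t key[8] = {1, 2, 3, 4, 5, 6, 7, 8};     /* constructed sample key */
    const uint32_t pt[2] = {0x11223344u, 0x55667788u};   /* constructed sample block */
    uint32_t S[RC5_T], ct[2], b_prev;
    rc5_setup(key, S);
    rc5_encrypt(S, pt, ct, &b_prev);
    printf("true B before last step: %08x\n", (unsigned)b_prev);
    printf("undo with correct S[25]: %08x\n", (unsigned)undo_last_half(ct, S[25]));
    printf("undo with S[25]+1:       %08x\n", (unsigned)undo_last_half(ct, S[25] + 1));
    return 0;
}
```

Because subtraction, rotation and XOR are each invertible, every wrong guess for S[25] yields a different candidate for the previous state, and nothing in the ciphertext says which candidate is right.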