[rc5] Some Deep questions
bkfoddy at skypoint.com
Sun Aug 17 23:01:02 EDT 1997
I've been thinking about this whole process.
And there are some questions I have.
1. I understand besides fun and money, this is an attempt
to prove a 56bit encryption key is not safe enough. But my
question is how realistic is this attempt to disprove this.
Specifically, how are the results checked? What knows
when we've hit the right key? Does the client, do the
servers? And how do they know it? I understand there is
a known string in the message. If the clients or severs
simply try a key, then test for this known string, that's
not very realistic. Or does the client "know" by some other
magic way this is the right key. If they use this know string,
then consider this:
Suppose I type up a letter and encrypt it. Now
somebody wants to break it. Since they don't know what is in
the letter, they probably can't do string matches for certain
words. Maybe they could look for words like "the" "is" etc.
But what if my letter doesn't contain those strings? Suppose
before encrypting it, I do a simple ASCII+1 to every character.
That would make the letter total garbage for almost every type of
word you look for. Even spaces and CRLF would be different.
With the right decryption code, it would be trivial to
decode this garbage but you would have to have the right
letters to start with.
See where I'm going with this? Now if the client "knows"
by some other way this is the right key, then it would be
a different story. And I don't know enough about this
stuff to answer this question. Maybe somebody else does.
But if we do need to do a string match, something as simple
as I just described would probably never be broken.
Even a 40 or 32 bit key would probably never be broken.
2. Now a second deep theoretical question...
Suppose I use the same algorithm to encrypt a message twice
with two different keys. It would not surprise me if
this double encryption could be solved by a third unique
key; like the third side of a triangle will get you to
the same point. Is this true?
Now don't get me wrong, despite my questions about what
we are doing, I'm not backing out. Currently I'm hovering
around the top 100 email per day and I intend to add more
machines to soon. But these questions are really
nagging at me and I hope somebody can answer them.
bkfoddy at skypoint.com
Eagan, MN USA
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.
More information about the rc5