[rc5] key security question
tristan at ethereal.net
Thu Jun 5 14:20:51 EDT 1997
On Thu, 5 Jun 1997, Fedor Kouranov wrote:
> > - Do the bits just add up (i.e. the resulting ciphertext will be
> > like it was encrypted using a single 112 byte key)?
> Think keyspace: for each first key you have to search all the 2^56 second
> keys. This makes 2^112 combinations, IOW a 112-bit key. This presumes that
> using double keys does not weaken encryption (as in previous paragraph).
> > - Do the keys multiply (i.e. the result would be like it was encrypted
> > using a 56^2 bit key)?
> > - Will the keys power each other (56^56 bit protection)?
> No, that's too much, especially the last one ;-) Nobody will have to search
> a bigger keyspace than was originally. Remember that the relationship
> between key length and keyspace size is exponential (keyspace =
> And, anyway, you don't need all this stuff because you can simply have 128
> bit RC5 which will give you the protection you wanted.
Don't forget that we have an advantage over any effort to crack a real key
(i.e. non-contest). We know the first part of the plaintext, "The unknown
message is: ".
A real effort would check that all of the first 8 bytes (or more) of the
decrypted plaintext was 7 bit ASCII... we just check that it matches "The
That's why double-encryption can be more secure than a larger key.
There's no way to tell when you've found the correct key, if it all
appears to be random 8-bit data... would that mean 56^56 protection?
Are there any laws controlling export of such double-encryption software?
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.
More information about the rc5