[rc5] key security question

Fedor Kouranov ted99 at ibm.net
Thu Jun 5 20:14:44 EDT 1997


Wow, this thread is getting big ;-)

>Here's a new question:  Is it possible to tell just by looking at
>encrypted data what algorythm was used (RC5, DES, PGP, etc.) and/or how
>many bits the key is?  If so, how?

Looking just at the stream, hardly. OTOH there are MIME types, magic
headers, and stuff like that. This (as well as XORing across something
else) brings up another issue: how practical a particular encryption scheme
is. Is it, as Phil said 'for the masses', or something to protect your
stuff from everybody else? If you do not set a standard for everybody, than
it's your own trouble whether you overcrypt the same stuff a hundred times
or just XOR it across the Bible (which will hold until someone knows that
you're using the Bible... don't elaborate here, OK?).

If you want at least 10 people (save the whole planet) to use some scheme,
you hit several issues. You need the scheme to be simple to use and
implement. You need an algorithm which is hard to break (even when
everybody knows it) without the sacred key. For example, XOR will not work
because forcing people to use the keys that are as long as the texts is...
err... weird. And how will you transmit the key? Setting encryption
standards is not easy, although many people (including us :) like
fantasizing about it. Read the 'Beware of Snake Oil' passage in PGP manual.


 /** Christ is risen ! *** __+__ ******  Fedor "Ted" Kouranov  *****/
 /* Xristos Voskrese ! **   \|    ** ted99 at ibm.net * fedor at bu.edu **/
 /** Xristos anesti ! ****   |\  ** http://enz.siobc.ras.ru/~fedor */

----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list