[rc5] key security question
Henry W Miller
mill0440 at gold.tc.umn.edu
Thu Jun 5 20:23:17 EDT 1997
Several comments on several messages.
XOR with a key as long as your message is only as good as your method of
sending the key. It doesn't matter how long your key is if I know the
key. I can decrypt the message. There is one exception (actually there
are more, but they aren't yet accepted by the encryption community. This
is coming though.) RSA allows me to send you a key that you can encrypt
something with and then only I can decrypt.
RC5-56+RC5-56 is a 112 bit encryption, not 57. You are encrypting a
message, the fact that it hasn't been encrypted before doesn't matter. I
would however wait for cryptanalysts to weigh in before I use double
RC5 encryption. The results could be less secure for mathematical
reasons that I don't claim to understand.
As for export of 2x 40 bit keys, no it isn't legal, but another problem
with US government policy is this is easy to get around. For instance if
you buy two 40 bit encryption boxes and put them back to back you can get
80 bit encryption. This does require work on your part though, we can't
export something that does this for you, but if you use two encrypting
routers back to back we can't do anything about it.
On Thu, 5 Jun 1997, Benedikt Eric Heinen wrote:
> As long as 2 keys of 56 bits equal one of 128 bits, then this is true.
> Still, I only took this as an example. With all the different
> possibilities in bit strengths of RC5 codes, I'd neither take the highest
> nor the lowest number of bits, but rather encrypt the whole thing using
> two "medium" sized keys as those will be "more exotic". I guess, that
> someone not knowing which key you took will first try the strongest and
> then the weakest alternative.
Yep. In theory anyway. Not a lot of added protection, but something.
BUT consider the speed upgrade. RC5-56 uses 32 bit keys, plus some other
info to far to use that key. The other data is very similar to multiple
> I'd say - for most security, I'd probably go and encrypt a file using two
> different keys (both of which most probably use different encryption
> methods and different key sizes), and just for safety prepend the file
> with a certain number of bytes containing random garbage, so that any
> possible cracker always needs to decrypt a larger portion of the file
> (whereas in this approach it is sufficient to decrypt the first 2 or 4
> bytes and check those against the known part of the solution sentence). If
> those don't match - we skip to the next key).
> I'd just be interested in getting to know, how secure people would regard
> an approach like:
<scheme more secure than the government uses snipped>
> I guess, the encrypted data would be pretty safe for the next 5-10 years
> (mainly due to adding the random garbage to make checks more difficult).
> But how safe would you deem this?
Short of the XOR scheme mentioned earlier this is as secure as you can
get. BUT you need to consider how secure your key exchange method is.
RSA is not very secure, that is why it uses long key-blocks. The problem
with long keyblocks is they take a long time to compute. PGP uses
RSA-1024 or something similar to encrypt the keys it is using, send the
encrypted keys to you, and a message encrypted with that key. 128 bit
IDEA is probably more secure than 1024 bit RSA. (hard to quantify this
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.
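
Added example, not part of the original message: one well-known reason for caution about double encryption is the meet-in-the-middle search, which with a few known plaintext/ciphertext blocks finds both keys in about 2 * 2^k cipher trials plus a 2^k-entry table instead of 2^(2k) trials. The cipher below is a toy modelled on RC5's structure with 12-bit keys so the search finishes quickly; its parameters, the demo keys and the sample blocks are all constructed for illustration.

```python
# Toy cipher modelled on RC5 (16-bit words, 4 rounds, 12-bit keys); constructed, not real RC5.
W, R, MASK, KEYBITS = 16, 4, 0xFFFF, 12
P16, Q16 = 0xB7E1, 0x9E37  # RC5's magic constants for 16-bit words

def rotl(x, n):
    n %= W  # a negative n rotates right
    return ((x << n) | (x >> (W - n))) & MASK

def expand(key):  # key schedule: small integer key -> 2*(R+1) round words
    L, S = key & MASK, [(P16 + i * Q16) & MASK for i in range(2 * (R + 1))]
    a = b = 0
    for i in list(range(len(S))) * 3:
        a = S[i] = rotl((S[i] + a + b) & MASK, 3)
        b = L = rotl((L + a + b) & MASK, a + b)
    return S

def encrypt(S, block):
    a, b = (block[0] + S[0]) & MASK, (block[1] + S[1]) & MASK
    for i in range(1, R + 1):
        a = (rotl(a ^ b, b) + S[2 * i]) & MASK
        b = (rotl(b ^ a, a) + S[2 * i + 1]) & MASK
    return a, b

def decrypt(S, block):
    a, b = block
    for i in range(R, 0, -1):
        b = rotl((b - S[2 * i + 1]) & MASK, -a) ^ a
        a = rotl((a - S[2 * i]) & MASK, -b) ^ b
    return (a - S[0]) & MASK, (b - S[1]) & MASK

def double_encrypt(k1, k2, block):
    return encrypt(expand(k2), encrypt(expand(k1), block))

def meet_in_the_middle(pairs):
    """Find (k1, k2) from known plaintext/ciphertext pairs in about 2 * 2**KEYBITS trials."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(2 ** KEYBITS):  # forward half: table of E_k1(p0)
        middle.setdefault(encrypt(expand(k1), p0), []).append(k1)
    hits = []
    for k2 in range(2 ** KEYBITS):  # backward half: look up D_k2(c0)
        mid = decrypt(expand(k2), c0)
        hits += [(k1, k2) for k1 in middle.get(mid, [])  # confirm on the other pairs
                 if all(double_encrypt(k1, k2, p) == c for p, c in rest)]
    return hits

SECRET = (0x3A7, 0xC15)  # constructed demo keys
PLAIN = [(0x5468, 0x6520), (0x756E, 0x6B6E)]  # constructed known plaintext blocks
PAIRS = [(p, double_encrypt(*SECRET, p)) for p in PLAIN]
```

Calling `meet_in_the_middle(PAIRS)` returns the candidate key pairs consistent with every sample block; the second block is what discards chance matches from the first.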