[rc5] key security question

Henry W Miller mill0440 at gold.tc.umn.edu
Thu Jun 5 20:23:17 EDT 1997

Several comments on several messages.

XOR with a key as long as your message is only as good as your method of 
sending the key.   It doesn't matter how long your key is if I know the 
key.  I can decrypt the message.  There is one exception (actually there 
are more, but they aren't yet accepted by the encryption community.  This 
is coming though).  RSA allows me to send you a key that you can encrypt 
something with and then only I can decrypt.  

RC5-56+RC5-56 is a 112 bit encryption, not 57.  You are encrypting a
message; the fact that it hasn't been encrypted before doesn't matter.  I 
would however wait for cryptanalysts to weigh in before I use double 
RC5 encryption.  The results could be less secure for mathematical 
reasons that I don't claim to understand.

As for export of 2x 40 bit keys, no it isn't legal, but another problem 
with US government policy is this is easy to get around.  For instance if 
you buy two 40 bit encryption boxes and put them back to back you can get 
80 bit encryption.  This does require work on your part though, we can't 
export something that does this for you, but if you use two encrypting 
routers back to back we can't do anything about it.

On Thu, 5 Jun 1997, Benedikt Eric Heinen wrote:

> As long as 2 keys of 56 bits equal one of 128 bits, then this is true.
> Still, I only took this as an example. With all the different
> possibilities in bit strengths of RC5 codes, I'd neither take the highest
> nor the lowest number of bits, but rather encrypt the whole thing using
> two "medium" sized keys as those will be "more exotic". I guess, that
> someone not knowing which key you took will first try the strongest and
> then the weakest alternative.

Yep.  In theory anyway.  Not a lot of added protection, but something.  
BUT consider the speed upgrade.  RC5-56 uses 32 bit keys, plus some other 
info to far to use that key.  The other data is very similar to multiple 

> I'd say - for most security, I'd probably go and encrypt a file using two
> different keys (both of which most probably use different encryption
> methods and different key sizes), and just for safety prepend the file
> with a certain number of bytes containing random garbage, so that any
> possible cracker always needs to decrypt a larger portion of the file
> (whereas in this approach it is sufficient to decrypt the first 2 or 4
> bytes and check those against the known part of the solution sentence). If
> those don't match - we skip to the next key).
> I'd just be interested in getting to know, how secure people would regard
> an approach like:

<scheme more secure than the government uses snipped>

> I guess, the encrypted data would be pretty safe for the next 5-10 years
> (mainly due to adding the random garbage to make checks more difficult).
> But how safe would you deem this? 

Short of the XOR scheme mentioned earlier this is as secure as you can 
get.  BUT you need to consider how secure your key exchange method is.  
RSA is not very secure, that is why it uses long key-blocks.  The problem 
with long keyblocks is they take a long time to compute.  PGP uses 
RSA-1024 or something similar to encrypt the keys it is using, send the 
encrypted keys to you, and a message encrypted with that key.  128 bit 
IDEA is probably more secure than 1024 bit RSA.  (hard to quantify this 
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.
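
Added example, not part of the original post: the message above cautions that doubling a cipher may be weaker than the sum of its key sizes, and a meet-in-the-middle search is the standard illustration of why. The toy Feistel cipher, the 12-bit keys and the sample blocks are constructed for this sketch and are not RC5.

```python
# Added illustration: toy 32-bit Feistel cipher with 12-bit keys (constructed, NOT RC5).
KEY_BITS = 12
ROUNDS = 4

def _f(half, key, rnd):
    # Keyed 16-bit mixing; a Feistel network is invertible whatever this returns.
    x = (half ^ (key * 0x9E5 + rnd * 0x3C6F)) & 0xFFFF
    x = (x * 0x2545 + 0x1B3) & 0xFFFF
    return ((x << 5) | (x >> 11)) & 0xFFFF

def encrypt(block, key):
    l, r = block >> 16, block & 0xFFFF
    for rnd in range(ROUNDS):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def decrypt(block, key):
    l, r = block >> 16, block & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Find (k1, k2) with C = E_k2(E_k1(P)) for every known (P, C) pair."""
    (p0, c0), work = pairs[0], 0
    middle = {}                      # E_k1(P0) -> candidate k1 values
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(encrypt(p0, k1), []).append(k1)
        work += 1
    hits = []
    for k2 in range(1 << KEY_BITS):  # D_k2(C0) must land on a stored middle value
        work += 1
        for k1 in middle.get(decrypt(c0, k2), []):
            if all(double_encrypt(p, k1, k2) == c for p, c in pairs[1:]):
                hits.append((k1, k2))
    return hits, work

# Constructed sample: two secret keys and three known plaintext blocks.
K1, K2 = 0x3A7, 0xC15
PLAIN = [0x54686520, 0x756E6B6E, 0x6F776E20]
PAIRS = [(p, double_encrypt(p, K1, K2)) for p in PLAIN]

if __name__ == "__main__":
    hits, work = meet_in_the_middle(PAIRS)
    print("recovered:", [(hex(a), hex(b)) for a, b in hits])
    print("key trials: %d (2^%d), not 2^%d" % (work, KEY_BITS + 1, 2 * KEY_BITS))
```

The search trades time for memory: it stores one table of 2^12 middle values here, and the same trade at real key sizes is why two n-bit keys applied in sequence are not counted as 2n bits of strength.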
