[rc5] key security question

Tristan Horn tristan at ethereal.net
Fri Jun 6 00:33:40 EDT 1997


On Thu, 5 Jun 1997, Sean Reifschneider wrote:
> RC5-56+RC5-56 is *WORST CASE* a 57-bit encryption.

Only if you decide to add junk (any non-random data) inbetween the
encryptions.  Crackers should not be able to detect when they have found
the right key... so they would in fact have to try another entire 2^56
keys for every key searched.  (in other words, 2^112 keys.)

At our current rate, it would take 411 quadrillion years to find a RC5-112
key.  (Theoretically equivalent to RC5-56 * 2.)

(2^56)/400,000,000/60/60/24/365 =~ 5 years
(2^112)/400,000,000/60/60/24/365 = 411,616,633,255,234,305 years.

(I'm assuming here that "worst" means "hardest to crack".)

> 3DES does not give 3x the protection of DES -- from what I recall it's
> something more like 1.3x the protection from what I recall.

ouch, that's pretty lame.

> Apparently, some of the members of the IPV6 task-force fell into the
> same trap as well.  There were people there who couldn't fathom that
> a 64-bit key-space would be anything more than twice the number of
> addresses we currently have.

I doubt that they're stupid enough to want 2^33 addresses instead
of 2^32... we'd just run out again.

> In actuality, it's 4-billion times what IPV4 uses.  So now we have a
> standard that will allow us to address every square angstrom on the
> earth.

Perhaps the first several bits represents the planet.

If only computing power would double for every machine added... :)

Tris

----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list