[rc5] key security question

Fedor Kouranov ted99 at ibm.net
Fri Jun 6 11:58:20 EDT 1997

On 06/05/97 Don Rude <donr at hbp.com> said:

>	If ALL you are worried about is totally secure encryption... well you
>have all got it wrong.  There is a single mathematically proven encryption
>scheme.  (Proven that it can't be broken) And it is very simple.  Using
>XOR (Trust me on this...) if you use any one key only a single time (AKA
>only encrypt one message with any one key) and a key that is AS long as
>the message... it CAN NOT be broken.

I've just understood a nice funny fact. XOR is totally secure as long as
both key AND plaintext are not compromised. As soon as someone knows your
original message, it takes no time to XOR the key back. One compromised
message compromises the whole system. On the other hand, we know the
plaintext of that RC5 cypher (well, not all of it - we wouldn't know all
the key, be it XOR), but are still working on it. One compromised message
only compromises itself. Public key systems are even better, because you
cannot compromise a key which does not convey information. Am I overusing
the word 'compromise'?

Sure, you can have a different stream for every message. Then you'll have
to go through the hassle of sending the key *securely* when the key is
exactly as long as the message itself. Why do you need the key then? In
this case public key systems are absolute winners.

 /** Christ is risen ! *** __+__ ******  Fedor "Ted" Kouranov  *****/
 /* Xristos Voskrese ! **   \|    ** ted99 at ibm.net * fedor at bu.edu **/
 /** Xristos anesti ! ****   |\  ** http://enz.siobc.ras.ru/~fedor */

To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list