[rc5] key security question

Henry W Miller mill0440 at gold.tc.umn.edu
Fri Jun 6 12:20:50 EDT 1997

On Fri, 6 Jun 1997, Fedor Kouranov wrote:

> I've just understood a nice funny fact. XOR is totally secure as long as
> both key AND plaintext are not compromised. As soon as someone knows your
> original message, it takes no time to XOR the key back. One compromised
> message compromises the whole system. On the other hand, we know the
> plaintext of that RC5 cipher (well, not all of it - we wouldn't know all
> the key, be it XOR), but are still working on it. One compromised message
> only compromises itself. Public key systems are even better, because you
> cannot compromise a key which does not convey information. Am I overusing
> the word 'compromise'?
> Sure, you can have a different stream for every message. Then you'll have
> to go through the hassle of sending the key *securely* when the key is
> exactly as long as the message itself. Why do you need the key then? In
> this case public key systems are absolute winners.

With XOR systems the key is not reused EVER.  You print up two identical
pads of paper with the key on it.  You take one pad with you, and leave
the other pad with your trusted friend.  If someone steals your pad they
can send fake messages from you only until the pad runs out.  The beauty
of this system is you tear the top sheet of the pad off, write your
message on it, encrypt it with the pad, and then copy the encrypted
message to something else and send that.  You burn the paper with the
encrypted message.

Thus if you gave me the plaintext and the ciphertext of an XOR message
I could get the key, but since keys are never reused that doesn't help me
at all.  RC5 is a way to use a finite length key several times, generally
for the length of the message.  After the message is sent, all programs 
that I know of discard the key and for the next message also use a new 
key.  (some systems consider a message to be an entire day's worth of 

The new key is exchanged by RSA, a public key method which really shines
for this.  The problem with RSA is it is very slow, and somewhat less
secure than normal encryption.  Thus you send a message RSA encoded that
contains a private key.  Everything is encrypted with that private key,
but only you and the person who has the other key know the private key.
By sending a short private key encrypted you leave very little data for
a crypto specialist to attack.  So while the public key is more
attackable than the private key, there is less to work with on the
private key, and since keys look like random garbage anyway attacking
the short message sent with the public key is unattractive.  Also since
private key methods are faster than public key ones, your message is at
least as secure, and encrypted faster.
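The pad discipline the reply describes (one sheet per message, known plaintext gives up only that sheet), as an added example that is not part of the original post or of any contest client code. It also shows the failure mode the reply's "not reused EVER" guards against: with one pad under two messages the pad cancels out of ct1 XOR ct2, and a known first message unmasks the second. The sample messages are constructed for the demo.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes: inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR pad.

    The pad must be at least as long as the message; it is never stretched
    or cycled, which is what keeps a known plaintext from helping an attacker.
    """
    if len(pad) < len(plaintext):
        raise ValueError("pad too short: never reuse or cycle pad bytes")
    return xor_bytes(plaintext, pad[: len(plaintext)])


otp_decrypt = otp_encrypt  # XOR is its own inverse


def recover_pad(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known-plaintext attack: one (plaintext, ciphertext) pair gives back the pad bytes used."""
    return xor_bytes(plaintext, ciphertext)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Pad reuse: ct1 XOR ct2 == pt1 XOR pt2, because the shared pad cancels out."""
    n = min(len(ct1), len(ct2))
    return xor_bytes(ct1[:n], ct2[:n])


def fresh_pad_demo(m1: bytes, m2: bytes) -> dict:
    """Each message gets its own pad sheet; compromising m1 hands over pad1 and nothing more."""
    pad1, pad2 = os.urandom(len(m1)), os.urandom(len(m2))
    c1, c2 = otp_encrypt(m1, pad1), otp_encrypt(m2, pad2)
    leaked_pad = recover_pad(m1, c1)            # attacker learns pad1 exactly ...
    n = min(len(c2), len(leaked_pad))
    guess = xor_bytes(c2[:n], leaked_pad[:n])   # ... but applying it to c2 yields noise
    return {"pad1_recovered": leaked_pad == pad1, "m2_recovered": guess == m2[:n]}


def reused_pad_demo(m1: bytes, m2: bytes) -> dict:
    """Both messages under one pad: knowing m1 now exposes m2 outright."""
    pad = os.urandom(max(len(m1), len(m2)))
    c1, c2 = otp_encrypt(m1, pad), otp_encrypt(m2, pad)
    n = min(len(m1), len(m2))
    leak = two_time_pad_leak(c1, c2)             # == m1 XOR m2, the pad has cancelled
    m2_from_m1 = xor_bytes(leak, m1[:n])         # known m1 unmasks m2
    return {"leak_is_m1_xor_m2": leak == xor_bytes(m1[:n], m2[:n]),
            "m2_recovered": m2_from_m1 == m2[:n]}


if __name__ == "__main__":
    # Constructed sample messages, not from the original post.
    print(fresh_pad_demo(b"attack at dawn", b"stand down now"))
    print(reused_pad_demo(b"attack at dawn", b"stand down now"))
```

The first demo returns `m2_recovered` False with overwhelming probability (the pads are independent 14-byte random strings); the second returns it True every time, which is the whole reason a pad sheet is torn off and burned after one use.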