[RC5] How does the client know?

Richard Freeman rfreeman at netaxs.com
Thu Nov 20 14:36:32 EST 1997

On Thu, 20 Nov 1997, Joe Zbiciak wrote:

> I believe the client makes a number of short-cuts to save it some 
> work, as well, but at least in theory that's what it's doing.

The short cut is this - we have 16 bytes of plaintext if I am correct - it
might be 32.  RC5 works with 8 bytes at a time (I think) - so we only
check the first 8 bytes (which takes 1/2 or 1/4th the time).  It turns out
that more than one key will correctly decode the first 8 bytes.  However,
these other keys will not decode the entire message - it is just a
coincidene that they decode the first portion.  Still it is much faster to
just treat this handful of keys differently than try to eliminate them at
the client level...

Actually, the fact that two different keys can encrypt a block the same
way is interesting.  Hash functions (used often with passwords and
signatures) rely on the idea that these sorts of pairs of keys are
difficult to find.  I wonder how long it would take us to bruteforce
/etc/passwd at our current keyrate (it is just a slightly hacked DES - not
rotate left to fight against).  Scary thought...  Maybe those paranoid
unix types have a point being woried about what they client sends back
over the network...

Richard T. Freeman <rfreeman at netaxs.com> - finger for pgp key
3D CB AF BD FF E8 0B 10 4E 09 27 00 8D 27 E1 93 
http://www.netaxs.com/~rfreeman - ftp.netaxs.com/people/rfreeman

To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list