gindrup at okway.okstate.edu
Fri Oct 3 16:02:11 EDT 1997
A thing I said in this message was just not true. My memory had
failed me and had mutated a pointer to Merkle-Hellman Knapsack
public-key encryption into a pointer to DES. A follow-up request by
David Jones led me to check this erroneous claim.
A reference to *correct* version of my claim is
Schneier, Bruce, "Applied Cryptography, 2nd ed." is
p. 465, Security of Knapsacks
which refers to
W. Diffee, "The First Ten Years of Public-Key Cryptography,"
_Proceedings of the IEEE_, v. 76, n. 5, May 1988, pp. 560-577. and
W. Diffee, "The First Ten Years of Public-Key Cryptography," in
_Contemporary Cryptology: The Science of Information Integrity, G.J.
Simmons, ed., IEEE Press, 1992, pp. 135-175.
The attack was against Merkle-Hellamn Knapsack public-key encryption.
The transformation of a superincreasing knapsack instance into a
normal instance was attacked to allow a reverse transformation. The
attack could be carried out on an Apple ][ fast enough to demonstrate
at the conference where Shamir and Zippel demonstrated the method.
I apologize to the list for the previous misinformation.
-- Eric Gindrup ! gindrup at okway.okstate.edu
______________________________ Reply Separator _________________________________
Subject: Re: [rc5] RC5-64?
Author: <rc5 at llamas.net > at SMTP
Date: 9/29/97 7:56 PM
Well, yes and no.
Crypto has to be effectively unbreakable by anyone for the length of
time that the encrypted information is desired to be entirely private.
It has to be relatively unbreakable for the length of time that your
expected attacker must not be allowed to know the information.
Single DES can be broken in less than an hour by an Apple ][.
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.
More information about the rc5