[rc5] RC5-64?

Eric Gindrup gindrup at okway.okstate.edu
Fri Oct 3 16:02:11 EDT 1997

     A thing I said in this message was just not true.  My memory had 
     failed me and had mutated a pointer to Merkle-Hellman Knapsack 
     public-key encryption into a pointer to DES.  A follow-up request by 
     David Jones led me to check this erroneous claim.
     A reference to *correct* version of my claim is
     Schneier, Bruce, "Applied Cryptography, 2nd ed." is
     p. 465, Security of Knapsacks
     which refers to
     W. Diffee, "The First Ten Years of Public-Key Cryptography," 
     _Proceedings of the IEEE_, v. 76, n. 5, May 1988, pp. 560-577. and
     W. Diffee, "The First Ten Years of Public-Key Cryptography," in 
     _Contemporary Cryptology: The Science of Information Integrity, G.J. 
     Simmons, ed., IEEE Press, 1992, pp. 135-175.
     The attack was against Merkle-Hellamn Knapsack public-key encryption.  
     The transformation of a superincreasing knapsack instance into a 
     normal instance was attacked to allow a reverse transformation.  The 
     attack could be carried out on an Apple ][ fast enough to demonstrate 
     at the conference where Shamir and Zippel demonstrated the method.
     I apologize to the list for the previous misinformation.
            -- Eric Gindrup ! gindrup at okway.okstate.edu

______________________________ Reply Separator _________________________________
Subject: Re[2]: [rc5] RC5-64?  
Author:  <rc5 at llamas.net > at SMTP
Date:    9/29/97 7:56 PM

     Well, yes and no.
     Crypto has to be effectively unbreakable by anyone for the length of 
     time that the encrypted information is desired to be entirely private. 
     It has to be relatively unbreakable for the length of time that your 
     expected attacker must not be allowed to know the information.
     Single DES can be broken in less than an hour by an Apple ][.

To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list