[rc5] Some thoughts on finding the key

Jeff Woods jeff at delta.com
Thu Oct 23 17:36:22 EDT 1997

At 04:09 PM 10/23/97 -0400, you wrote:

>Bad RSA, BAD!  BTW - Dosn't the client notify the user when it finds the
>key?  I would certainly want it to.  (I'm burning my CPU for bovine, I want
>to be the very first to know when MY machine is going to get $1k mailed to

No.  This is to keep unscrupulous users from simply going to RSA and
pocketing the entire $10k without giving the charitable donation.   By
ensuring that the key remains secret until the coordinators submit it to
RSA, it ensures that whatever charity is on our receiving end gets the
money, instead of some InDUHvidual saying *I FOUND IT, NOT THE BOVINE

>> Hopefully this will dispell any suspicions you may have about the
>> sequence of events surrounding our incredible victory.  There was most
>> certainly no under-handedness involved.

No, but there was one comment that made me think of a few things.
Clearly, I haven't seen the source code to the key testers, but:

> 20-Oct-1997 13:00 - I notice the success report in the logfile and track
>                     down Tim Charron to test it fully.  Note: at this point,
>                     we still do not know if the solution will test out, nor
>                     is this the first possible solution to appear.

Obviously, you're not doing a FULL string compare on "The unknown message
is:" after the decryption attempt -- the longer a string compare, the
longer it takes.   I assume that the algorithm for the compare itself is
damn good, and coded in tight assembly language, but just for my own
optimizing curiousity, what is the algorithm, at least in general terms?
First character only compare, with (on average) one in 256 getting closer
inspection?   Multi-step single character compare?   (i.e. compare first
character, if "T", then compare second character, if "h", compare third for
"e"... if you got past this, a full compare, essentially one in every 16.7
million keys?   

Just curious....
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list