[rc5] Some thoughts on finding the key

wooledge at kellnet.com wooledge at kellnet.com
Thu Oct 23 22:40:44 EDT 1997

Jeff Woods (jeff at delta.com) wrote:

> Obviously, you're not doing a FULL string compare on "The unknown message
> is:" after the decryption attempt -- the longer a string compare, the
> longer it takes.   I assume that the algorithm for the compare itself is
> damn good, and coded in tight assembly language, but just for my own
> optimizing curiousity, what is the algorithm, at least in general terms?

As I understand it (based on reading the RC5 spec and some discussion on
the #rc5 channel), the RC5 cipher is a "block" cipher -- this means it
operates on groups of characters at a time.

Messages encrypted with RC5 must be a multiple of 8 bytes in length.
Messages which aren't a multiple of 8 bytes are padded to make full

The actual encryption and decryption are done 8 bytes at a time.
So the RC5 client picks a key, does the setup (see the algorithm), and
then decrypts the first 8 bytes of the ciphertext.  If this yields the
plaintext "The unkn" then it's flagged as a possible solution.

The odds of a block being decrypted to this string are 256^8, or 2^64,
so one would expect to find only one solution in the 56-bit keyspace.
I'm surprised there was at least one other possible solution reported!

Can anyone shed more light on this?

------------                  Greg Wooledge                  -------------
-------                   wooledge at kellnet.com                     -------
---              http://kellnet.com/wooledge/main.html                 ---
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list