[rc5] Some thoughts on finding the key

Tim Charron tcharron at interlog.com
Thu Oct 23 22:45:20 EDT 1997

jeff at delta.com (Jeff Woods) wrote:
> Obviously, you're not doing a FULL string compare on "The unknown  message
> is:" after the decryption attempt -- the longer a string compare, the
> longer it takes.   I assume that the algorithm for the compare itself is
> damn good, and coded in tight assembly language, but just for my own
> optimizing curiousity, what is the algorithm, at least in general terms?
> First character only compare, with (on average) one in 256 getting closer
> inspection?   Multi-step single character compare?   (i.e. compare first
> character, if "T", then compare second character, if "h", compare third for
> "e"... if you got past this, a full compare, essentially one in every 16.7
> million keys?   

The client only compares the first 8 bytes of the decrypted text to 
the known plaintext.  The algorithm encrypts/decrypts in multiples of 
8 bytes, so there's no benefit to doing a smaller comparison.  The 8 
bytes are easily compared in one assembly instruction on most 
platforms.  Matches are flagged as possible successes.

A separate program was used to actually do the full extraction of the 
encrypted text (this was prepared some time ago).  At this point, 
there was no possibility that it was a false positive.  My hands were 
trembling as I talked to Nugget on irc and told him about the 
solution.  It's all history from there...

-- Tim

Tim Charron
tcharron at interlog.com
tcharron at ctfinance.com

To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list