[rc5] RE: rc5-digest V1 #171

Eric Gindrup gindrup at okway.okstate.edu
Mon Oct 27 15:47:47 EST 1997


     Hmm...  It is true that the first 24 bytes of the plaintext is 
     probably "The unknown message is: " and that's 75% of a block, so a 
     chosen plaintext attack *might* be feasible.  The trouble is that 
     RC5-32/m/n has every bit in the result dependent on every bit in the 
     input block after about 6 rounds (m>=6) and our stuff has m=12.  This 
     would seem to indicate that the "deck is too well shuffled..."
            -- Eric Gindrup ! gindrup at Okway.okstate.edu


______________________________ Reply Separator _________________________________
Subject: [rc5] RE: rc5-digest V1 #171 
Author:  <rc5 at llamas.net > at SMTP
Date:    1997/10/24 08:04


>Date: Thu, 23 Oct 1997 20:32:09 -8
>From: "Brian Murphy" <brianm at earthlink.net> 
>Subject: [rc5] Possible further d.n projects. 
>
>RC5/40:  The unknown message is: This is why you should use a longer key 
>
>RC5/48:  The unknown message is: The magic words are Security Dynamics and 
>RSA
>
>RC5/56:  The unknown message is: It's time to move to a longer key length 
>
>DES:  The unknown message is: Strong cryptography makes the world a 
>safer place
>
>        What is the feasibility of mounting a chosen plaintext attack 
>against the other challenges?  If feasible, it would *certainly* be 
>less computationally challenging than a brute force attack.  Am I 
>missing something, or would it be *DAMN* cool to announce that we'd 
>just solved RC5/90 ?
     
>From my understanding of how RC5 encryption works, there isn't a 
chosen-plaintext attack that is any better than brute-force.  That, and 
the fact that you can use different key sizes, is one of the main 
advantages of RC5 encryption.
     
     
----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the
body.
     


----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list