[rc5] RE: rc5-digest V1 #171

Eric Gindrup gindrup at okway.okstate.edu
Mon Oct 27 15:47:47 EST 1997

     Hmm...  It is true that the first 24 bytes of the plaintext is 
     probably "The unknown message is: " and that's 75% of a block, so a 
     chosen plaintext attack *might* be feasible.  The trouble is that 
     RC5-32/m/n has every bit in the result dependent on every bit in the 
     input block after about 6 rounds (m>=6) and our stuff has m=12.  This 
     would seem to indicate that the "deck is too well shuffled..."
            -- Eric Gindrup ! gindrup at Okway.okstate.edu

______________________________ Reply Separator _________________________________
Subject: [rc5] RE: rc5-digest V1 #171 
Author:  <rc5 at llamas.net > at SMTP
Date:    1997/10/24 08:04

>Date: Thu, 23 Oct 1997 20:32:09 -8
>From: "Brian Murphy" <brianm at earthlink.net> 
>Subject: [rc5] Possible further d.n projects. 
>RC5/40:  The unknown message is: This is why you should use a longer key 
>RC5/48:  The unknown message is: The magic words are Security Dynamics and 
>RC5/56:  The unknown message is: It's time to move to a longer key length 
>DES:  The unknown message is: Strong cryptography makes the world a 
>safer place
>        What is the feasibility of mounting a chosen plaintext attack 
>against the other challenges?  If feasible, it would *certainly* be 
>less computationally challenging than a brute force attack.  Am I 
>missing something, or would it be *DAMN* cool to announce that we'd 
>just solved RC5/90 ?
>From my understanding of how RC5 encryption works, there isn't a 
chosen-plaintext attack that is any better than brute-force.  That, and 
the fact that you can use different key sizes, is one of the main 
advantages of RC5 encryption.
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the

To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list