[rc5] RE: rc5-digest V1 #171
gindrup at okway.okstate.edu
Mon Oct 27 15:47:47 EST 1997
Hmm... It is true that the first 24 bytes of the plaintext is
probably "The unknown message is: " and that's 75% of a block, so a
chosen plaintext attack *might* be feasible. The trouble is that
RC5-32/m/n has every bit in the result dependent on every bit in the
input block after about 6 rounds (m>=6) and our stuff has m=12. This
would seem to indicate that the "deck is too well shuffled..."
-- Eric Gindrup ! gindrup at Okway.okstate.edu
______________________________ Reply Separator _________________________________
Subject: [rc5] RE: rc5-digest V1 #171
Author: <rc5 at llamas.net > at SMTP
Date: 1997/10/24 08:04
>Date: Thu, 23 Oct 1997 20:32:09 -8
>From: "Brian Murphy" <brianm at earthlink.net>
>Subject: [rc5] Possible further d.n projects.
>RC5/40: The unknown message is: This is why you should use a longer key
>RC5/48: The unknown message is: The magic words are Security Dynamics and
>RC5/56: The unknown message is: It's time to move to a longer key length
>DES: The unknown message is: Strong cryptography makes the world a
> What is the feasibility of mounting a chosen plaintext attack
>against the other challenges? If feasible, it would *certainly* be
>less computationally challenging than a brute force attack. Am I
>missing something, or would it be *DAMN* cool to announce that we'd
>just solved RC5/90 ?
>From my understanding of how RC5 encryption works, there isn't a
chosen-plaintext attack that is any better than brute-force. That, and
the fact that you can use different key sizes, is one of the main
advantages of RC5 encryption.
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.
More information about the rc5