[rc5] RC64 keyspace

Walter Nissen Walter_Nissen at hmc.edu
Tue Oct 28 08:41:11 EST 1997

Rob Winters wrote:

> No, it's not like in the movies. You have to decode the thing completely
> as if each key is the correct key. Then you either have it, or you don't.

No, you only have to decrypt two words at a time. In our case, the wordsize is 32 bits, so
we get 32*2 = 64 bits = 8 bytes back. If that matches "The unkn" then the next 8 bytes are
compared, and if they match, a potential success is logged.

> I do wonder whether RSA might intentionally spread the answers out to
> different areas of the keyspace.

It states on their web page that the actual key is generated at random by computer, and
only the plaintext is known to them. Besides, because each key (or section of keys) has an
equal chance, the probability is fairly low that it won't be in the first 1%. Thus, they
don't really have to worry that much about extremely quick solves. Although I have to
admit that finding the 128-bit key after about half an hour of searching would be pretty
cool. :)

>  For that reason, I think that I would fish around a bit,
> and not just go from beginning to end. Might not help, but shouldn't hurt.

>From what I've read on the list, blocks are currently assigned sequentially from the
superblocks given to the main keyservers. However, the superblocks are assigned at random.
I'm pretty sure this is not to spread out our attack (there really is no difference in
probability from one place to another) but instead to make sure that other groups don't
say, "Oh, well Bovine's done the first 5%, why don't we start at 50%, and then we don't
have to check for ourselves."


|                |    Harvey Mudd College :     | wnissen at hmc.edu |
| Walter Nissen  | Exchanging Sanity for Power, |                 |
|                |        Since 1955            |   909-607-DARE  |

To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list