[RC5] Cracking 40 bits in realtime

Roy Wilson emperor at slic.com
Wed Jan 7 21:10:27 EST 1998


On Wed, 7 Jan 1998 18:46:54 -0500, Greg Wooledge wrote:

>Roy Wilson (emperor at slic.com) wrote:
>
>> On Tue, 6 Jan 1998 21:38:53 -0500, Greg Wooledge wrote:
>> 
>> >This will hide the plaintext from the submitter, but the person who
>> >actually cracked the message will still have the key, assuming that the
>> >proposed 40-bit decryption project works like the Bovine project in terms
>> >of logging.  That person could use the key to produce the plaintext,
>> >even if (s)he has to do it by hand.  Or that person could publish the
>> >key, allowing others to produce and read the plaintext.  Or that person
>> >could publish the plaintext....
>> >
>> >Now, I know all of you reading this are nice, moral, ethical people
>> >who'd never use the plaintext for the wrong reasons....[1]  But *They*
>> >don't know that.  And *They* will not trust you to keep the key a secret.
>> 
>> 	I'm still for doing it, just for the time result.  Not
>> let anyone submit a message, but put up a few more "challenges",
>> using the other-than-RSA encryption being commercially used. 
>> Whatever VISA uses, break it and blare the minimal time it took
>> to break.  Same for any other "routinely encrypted" stuff that
>> pops up.
>> 
>> 	We don't need an actual VISA transmission to break it,
>> just the algorithm they use.  We can encrypt our *own* plaintext
>> message with it, and then brute force it.
>
>This doesn't address the ethical/legal issue which has been raised.
>Yes, we may start out with harmless "Visa-like" coded messages, but
>the problem is that someone may introduce a real Visa coded message
>into the machine.

	True, to some extent.  But any client we coded for our
own challenge would have our *known* plaintext dozen or so
characters in it.  You'd need a hell of a lot more than a simple
matching brute-force client to bust a VISA packet you grabbed
from somewhere.

	Same goes for any other banking or business code.  

>Also, be aware that you replied to me privately.  This looks like
>something that might have been intended for a larger audience, which is
>the primary reason I left the whole thing quoted. :-)

	Yeah, some bonehead changed the list configuration
because of all the whiners.  Now, since you *replied* to a
mis-addressed message due to the header reconfiguration, I've
got to REMEMBER the list address and type it in manually.

	How many hundred people on this list?  And we've changed
the ReplyTo: format for what, a dozen or so whiners?



Roy Wilson <emperor at slic.com>
Lat: 44.850959 Lon: -74.40286 [+/- 6']



--
To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list