[RC5] Cracking 40 bits in realtime

Roy Wilson emperor at slic.com
Wed Jan 7 22:13:05 EST 1998


On Wed, 7 Jan 1998 21:59:29 -0500 (EST), Matt Perry wrote:

>> 	True, to some extent.  But any client we coded for our
>> own challenge would have our *known* plaintext dozen or so
>> characters in it.  You'd need a hell of a lot more than a simple
>> matching brute-force client to bust a VISA packet you grabbed
>> from somewhere.

>	Exactly.  Whoever submits a message for decryption must know the
>unencrypted message.  If someone where to submit an arbitrary packet, how
>are we to know when we have found the correct key?  We would have to have
>something for the client to check against, much like the RC5 clients
>currently looking for "The unknown message is" which is the beginning of
>all of the encoded messages.

>	Likewise, who ever submits something to be broken is going to have
>to supply something to check against.  This can't be done without knowing
>something about the message inside.  Also, if someone were to try and pick
>up an arbitrary packet and submit it for unencryption, how can they be
>sure that it's not binary? 

	Well.... you don't *have* to know the content.  You
*could* apply filters to find patterns, which would tell you
what it was when you finally hit on it.  Massive increase in
time to brute force that way though.

	Also, I'm assuming a single level of encryption.  If I
took this message and saved it to ascii text, then ran it
throught Word Perfect into their saved document type, ran their
(extremely shoddy) encryption on it, then did a zip -gARBLE,
then PGP'd the result, even if you HAD all the keys it would
take you six months to get the damned thing open.<G>



Roy Wilson <emperor at slic.com>
Lat: 44.850959 Lon: -74.40286 [+/- 6']



--
To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list