[RC5] Cracking 40 bits in realtime
Christopher Hodson (Consultant)
cmh at fpk.hp.com
Thu Jan 8 14:11:29 EST 1998
Matt Perry wrote:
> On Wed, 7 Jan 1998, Roy Wilson wrote:
> > On Wed, 7 Jan 1998 18:46:54 -0500, Greg Wooledge wrote:
> > >Roy Wilson (emperor at slic.com) wrote:
> > >
> > >This doesn't address the ethical/legal issue which has been raised.
> > >Yes, we may start out with harmless "Visa-like" coded messages, but
> > >the problem is that someone may introduce a real Visa coded message
> > >into the machine.
> > True, to some extent. But any client we coded for our
> > own challenge would have our *known* plaintext dozen or so
> > characters in it. You'd need a hell of a lot more than a simple
> > matching brute-force client to bust a VISA packet you grabbed
> > from somewhere.
> Exactly. Whoever submits a message for decryption must know the
> unencrypted message. If someone where to submit an arbitrary packet, how
> are we to know when we have found the correct key? We would have to have
> something for the client to check against, much like the RC5 clients
> currently looking for "The unknown message is" which is the beginning of
> all of the encoded messages.
Which bring us back to our original mission. What does it prove? It
only proves that if we KNOW the beginning of the message that we can
decrypt the rest. It really seems silly to say that "40-bit DES can be
broken in x days," since this requires prior knowledge of the message.
If RSA REALLY wanted to show how weak 40-bits(rc5 or DES) they wouldn't
give us any of the plaintext. But they don't, they want us to think its
really weak, so we use their product. You've got to remember, there
must be a reason RSA is willing to give out $10k at a pop. They think
it will make them money in the long run.
BTW, I do think 40 bits is not enough, but not enough to cry "The sky is
Christopher M. Hodson
To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest
More information about the rc5