[RC5] Cracking 40 bits in realtime

gindrup at okway.okstate.edu gindrup at okway.okstate.edu
Thu Jan 8 15:57:46 EST 1998

     [this person replied to the list because, strangely, this seems to 
     have something to do with distributed decryption.]
     Although in CBC mode it is a Good Thing to know the IV, a brute force 
     attack can do two things:
     1) Attempt a theoretical search of the space of IVs and keys to find 
     IV/key pairs that will decrypt the first block of the ciphertext into 
     something with the expected header format or
     2) do the same thing in a brute force way.
     The smartest thing is probably to look for a hybrid method where 
     theoretical concerns hack out big hunks of the (key,IV)-pair space and 
     brute force finds candidates that work.  This isn't *that* hairy since 
     the same key is used to encrypt each block.
     Also, most widely used encryptors have much smaller IVs than key 
     lengths.  Thus, a pure brute force attack recovers the IV at the same 
     time as the key.  It takes time similar to that of cracking a non-CBC 
     code that has key-length equal to that of the IV + key.
            -- Eric Gindrup ! gindrup at Okway.okstate.edu

______________________________ Reply Separator _________________________________
Subject: Re: Re[2]: [RC5] Cracking 40 bits in realtime 
Author:  <j-zbiciak1 at ti.com>  at SMTP
Date:    1/8/98 2:55 PM

'gindrup at okway.okstate.edu' said previously:
|      Anyone making a serious attack on a message already _does_ know 
|      something about what it contains.  
What if the message is encrypted in CBC mode, and the IV itself was 
distributed through a completely different channel--e.g., you didn't 
intercept it and so must guess it?  Doesn't that effectively obscure 
the "known plaintext" so as to render it useless?
 +----------- Joseph Zbiciak ----------+
 | - - - -  j-zbiciak1 at ti.com  - - - - |  Join your idle CPU cycles into the 
 |- http://www.primenet.com/~im14u2c/ -|  world's largest supercomputer:
 | - - -Texas Instruments, Dallas- - - |  http://www.distributed.net/ 
 +-----#include <std_disclaimer.h>-----+
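
Added example, not part of either poster's message: a sketch of why a withheld CBC IV does not enlarge the key search when the same key encrypts every block. It uses a constructed 16-bit-key toy Feistel cipher in place of RC5, and all names (`recover_key_and_iv`, the sample key, IV and plaintext) are assumptions made for illustration.

```python
# Constructed toy cipher: 32-bit block, 16-bit key, 4-round Feistel.
# It stands in for RC5 only so the search finishes instantly; it is not secure.
MASK16 = 0xFFFF

def _f(half, key, rnd):
    x = (half * 0x9E37 + key + rnd * 0x7F4A) & MASK16
    return ((x << 5) | (x >> 11)) & MASK16  # 16-bit rotate left by 5

def enc_block(block, key):
    l, r = block >> 16, block & MASK16
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def dec_block(block, key):
    l, r = block >> 16, block & MASK16
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def cbc_encrypt(blocks, key, iv):
    out, prev = [], iv
    for p in blocks:
        prev = enc_block(p ^ prev, key)
        out.append(prev)
    return out

def recover_key_and_iv(ct, known_p1, known_p2):
    """Search the key space only; the IV is derived, never guessed."""
    hits = []
    for key in range(1 << 16):
        # P2 = D_k(C2) xor C1, and C1 is in the intercepted ciphertext.
        if dec_block(ct[1], key) ^ ct[0] == known_p2:
            # With the key fixed, IV = D_k(C1) xor P1.
            hits.append((key, dec_block(ct[0], key) ^ known_p1))
    return hits

# Constructed sample: an 8-byte known header followed by one unknown block.
SECRET_KEY, SECRET_IV = 0xBEEF, 0x13579BDF
PLAINTEXT = [0x48454144, 0x45523A20, 0x00C0FFEE]  # "HEAD", "ER: ", body
CIPHERTEXT = cbc_encrypt(PLAINTEXT, SECRET_KEY, SECRET_IV)

if __name__ == "__main__":
    for key, iv in recover_key_and_iv(CIPHERTEXT, PLAINTEXT[0], PLAINTEXT[1]):
        print(f"key={key:#06x} iv={iv:#010x}  ({1 << 16} trials, not 2**48)")
```

The work is set by the key length alone once known plaintext extends past the first block; a secret IV hides only block 1, so confidentiality has to come from the key size, not from keeping the IV out of band.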
