[RC5] Cracking 40 bits in realtime

gindrup at okway.okstate.edu gindrup at okway.okstate.edu
Thu Jan 8 16:47:18 EST 1998

     [This seems to have something to do with distributed decryption, so I 
     am replying to the mailing list.]
     An IV is usually one block (although an implementation could make the 
     IV longer, if the IV is random, making it longer doesn't help 
     anything) and a DES block is 64bits.  A DES key is 56 bits.  
     Therefore, a pure brute force attack on a CBC with IV mode DES 
     ciphertext requires time similar to that of attacking a 120-bit 
     variant of DES twice.  Twice because you have to perform a decrypt 
     attempt against each (IV,key) pair, but a decrypt attempt involves 
     decrypting the IV and then decrypting the first block of the 
     ciphertext.  (There's an XOR in there, but it isn't significant 
     compared to the decrypt times.)
            -- Eric Gindrup ! gindrup at okway.okstate.edu

______________________________ Reply Separator _________________________________
Subject: Re: Re[4]: [RC5] Cracking 40 bits in realtime 
Author:  <j-zbiciak1 at ti.com>  at SMTP
Date:    1/8/98 4:00 PM

'gindrup at okway.okstate.edu' said previously:
|      Also, most widely used encryptors have much smaller IVs than key 
|      lengths.  Thus, a pure brute force attack recovers the IV at the same 
|      time as the key.  It takes time similar to that of cracking a non-CBC 
|      code that has key-length equal to that of the IV + key.
Isn't DES's IV 64-bits, making the IV + key something like 120 bits?
 +----------- Joseph Zbiciak ----------+
 | - - - -  j-zbiciak1 at ti.com  - - - - |  Join your idle CPU cycles into the 
 |- http://www.primenet.com/~im14u2c/ -|  world's largest supercomputer:
 | - - -Texas Instruments, Dallas- - - |  http://www.distributed.net/ 
 +-----#include <std_disclaimer.h>-----+

To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list