[RC5] IM Was Running With Bad Code? - Why

Marc Sissom marcus at dfwmm.net
Tue Mar 10 19:40:11 EST 1998


If you'll look below at the two sets of lines defining
C0 and C1. Rather than actually decript the cyphertext,
what the code does(not just that shown below) is actually
_encrypt_ the plaintext and compare the results to the
cyphertext. It is actually backwards, but from our spot,
it works just as well. If you've got the right key, the
cyphertext that you produce by encrypting the known plain
text will produce the same cyphertext.

Anyway, I've highlighted the important sections with ^^^.
You must view this with fixed pitch font for things to
line up correctly.

V. Alex Brennen wrote:
> 
> #ifdef DEBUG
>   const unsigned RC5WORD C0 = 0x561bde39;
>   const unsigned RC5WORD C1 = 0x255c1d3f;
This is the test case             ^^^^^^^^

> #else
>   const unsigned RC5WORD C0 = 0xa74ed382;
>   const unsigned RC5WORD C1 = 0x255c1d3f;
Here is the real test(supposedly) ^^^^^^^^
This should be:            C1 = 0x0b8624b3

Compare the second 4 bytes with the second
set of bytes below...they are reversed for intel
'little endian' storage format in the C0/C1 definitions.
 
> RC556 CypherText From The RSA Secret Key HomePage:
>              82 d3 4e a7 b3 24 86 0b c6 d8 61 5c e9 f9 e4 79
     1st set ->^^ ^^ ^^ ^^|^^ ^^ ^^ ^^<- 2nd set(should be)

In the IM code, they mistakenly duplicated the second constant
from the debug test set in the 'real' test set. Barring any
typos, I've got it right.
--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list