[RC5] What does finding the contest key prove?

Lothar Kimmeringer kimmerin at online.de
Sat Apr 17 12:39:39 EDT 1999


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 16 Apr 1999 20:35:24 -0400, Matthew_Webber at cca-int.com wrote:

>(1) What would this do to the time required to crack the key? My
point was
>that our present tests (where we know part of the plaintext) do not
tell us
>anything about the real-life time required to crack.

For checking a text for a string there are many powerful tools.
You can implement the test mentioned by Adam into the decryption-
routines, because these mostly decrypts byte- or word-wise.
If the decryption of a word results to a not-suitable character,
you can skipt the rest of it.

>(2) I don't think your method would work if the text was not in
English, or

If you don't understand the language, the message is written in,
why do you want to read it? ;-) If you're looking for text of a
language, that has additional characters, you have to check for
these in addition to the ASCII-characters. The additional
characters are all places beyond chr(127).

>was 'encrypted' using some very simple scheme (eg a->b, b->c, c->d
etc)
>before being put through DES or whatever.

This "encryption" is based on "security by obscurity". This type
of encryption can only be used in closed systems. It's not possible
to use it for protocols in Internet.

But that's not the point. What we're proving here all together,
is that it's possible for people with not that much money to
crack encryption-systems, that are mostly used by banks and
other organizations for securing sensible data.
In germany every EC-card (kind of credit-card, but not exactly
the same) was "secured" with DES. The secret-number, that
allowes you to get money from the "bankomats" (don't know the
english word for it) all over europe was encrypted with DES.

Since one year ago all german banks told everybody, that DES
had a high security-level and there were no way to crack it...
Distributed.net and other organizations like CCC helped to
prove that it's not. More and more courts accepts this and
now more or less all banks have changed the encryption to
TDES.


Best regards

Lothar
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQCVAwUBNxhIySw3MKmLw82BAQFkLwP9Fo+3x4mVFSebXVvGklu9/PTq3Z7+DigP
JQ6etyNIBbJy2aulW2ci9nZ+yV/9UNn2Rxi83MDSNP3owiQ3xnGsRJSBoY5eYzub
pIExuWTqLtIVqfONULnU5+s7EVqDFqiiQI284tQJsLrVA2ZrUzBBtBfKkhU07VI4
8mWv61o9C8w=
=cm4j
-----END PGP SIGNATURE-----

-- 
Lothar Kimmeringer                          E-Mail: kimmerin at online.de

Always remember: The answer is forty-two, there can only be wrong
                 questions!


--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list