[RC5] What does finding the contest key prove?

Lothar Kimmeringer kimmerin at online.de
Sat Apr 17 12:39:39 EDT 1999


On Fri, 16 Apr 1999 20:35:24 -0400, Matthew_Webber at cca-int.com wrote:

>(1) What would this do to the time required to crack the key? My
point was
>that our present tests (where we know part of the plaintext) do not
tell us
>anything about the real-life time required to crack.

For checking a text for a string there are many powerful tools.
You can implement the test mentioned by Adam into the decryption-
routines, because these mostly decrypts byte- or word-wise.
If the decryption of a word results to a not-suitable character,
you can skipt the rest of it.

>(2) I don't think your method would work if the text was not in
English, or

If you don't understand the language, the message is written in,
why do you want to read it? ;-) If you're looking for text of a
language, that has additional characters, you have to check for
these in addition to the ASCII-characters. The additional
characters are all places beyond chr(127).

>was 'encrypted' using some very simple scheme (eg a->b, b->c, c->d
>before being put through DES or whatever.

This "encryption" is based on "security by obscurity". This type
of encryption can only be used in closed systems. It's not possible
to use it for protocols in Internet.

But that's not the point. What we're proving here all together,
is that it's possible for people with not that much money to
crack encryption-systems, that are mostly used by banks and
other organizations for securing sensible data.
In germany every EC-card (kind of credit-card, but not exactly
the same) was "secured" with DES. The secret-number, that
allowes you to get money from the "bankomats" (don't know the
english word for it) all over europe was encrypted with DES.

Since one year ago all german banks told everybody, that DES
had a high security-level and there were no way to crack it...
Distributed.net and other organizations like CCC helped to
prove that it's not. More and more courts accepts this and
now more or less all banks have changed the encryption to

Best regards

Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>


Lothar Kimmeringer                          E-Mail: kimmerin at online.de

Always remember: The answer is forty-two, there can only be wrong

To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list