[RC5] What does finding the contest key prove?
kimmerin at online.de
Sat Apr 17 12:39:39 EDT 1999
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 16 Apr 1999 20:35:24 -0400, Matthew_Webber at cca-int.com wrote:
>(1) What would this do to the time required to crack the key? My
>that our present tests (where we know part of the plaintext) do not
>anything about the real-life time required to crack.
For checking a text for a string there are many powerful tools.
You can implement the test mentioned by Adam into the decryption-
routines, because these mostly decrypts byte- or word-wise.
If the decryption of a word results to a not-suitable character,
you can skipt the rest of it.
>(2) I don't think your method would work if the text was not in
If you don't understand the language, the message is written in,
why do you want to read it? ;-) If you're looking for text of a
language, that has additional characters, you have to check for
these in addition to the ASCII-characters. The additional
characters are all places beyond chr(127).
>was 'encrypted' using some very simple scheme (eg a->b, b->c, c->d
>before being put through DES or whatever.
This "encryption" is based on "security by obscurity". This type
of encryption can only be used in closed systems. It's not possible
to use it for protocols in Internet.
But that's not the point. What we're proving here all together,
is that it's possible for people with not that much money to
crack encryption-systems, that are mostly used by banks and
other organizations for securing sensible data.
In germany every EC-card (kind of credit-card, but not exactly
the same) was "secured" with DES. The secret-number, that
allowes you to get money from the "bankomats" (don't know the
english word for it) all over europe was encrypted with DES.
Since one year ago all german banks told everybody, that DES
had a high security-level and there were no way to crack it...
Distributed.net and other organizations like CCC helped to
prove that it's not. More and more courts accepts this and
now more or less all banks have changed the encryption to
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
-----END PGP SIGNATURE-----
Lothar Kimmeringer E-Mail: kimmerin at online.de
Always remember: The answer is forty-two, there can only be wrong
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest
More information about the rc5