[RC5] RC5 core questions
btalbot at ucsd.edu
Fri Jan 22 13:01:20 EST 1999
At 10:07 AM 1/22/99 -0800, you wrote:
>] 2. are there any statistics on how often you could expect the
>] low 32 bits of the produced cyphertext to match the low 32
>] bits of the expected result? eg: 50% of keys, 25%, 10% ... ?
>What I was wondering is if there are any pattern searches which I think
>might be more intersting.. if keys starting with containing certain values
>have a higher percantage of matching low 32 bits, and if so if those could
>be checked (Or if there any other patterns) I am no cryptoligist, that's for
>sure, but I'm still not convinced that the only way to break the rc5 is to
>check every possible key...
Well the whole point of a good encryption scheem is to avoid other possible
attacks such as this and force the best attack to be a brute force one. If
a simple pattern matching attack would work, the encryption wouldn't be
worth a damn.
There may indeed be other ways to break rc5, but know one knows how to yet.
If you come up with a way to easially decrypt a single message without the
key, you'll be famous ... and probably be able to solve every other
np-complete problem too!
>also, if every possible key is checked, can those keys be stored in a
>database, then retrieve later on? How big would this database be?
Well think about it. There are 2^64 possible keys by definition of rc5-64.
Assume each key is only 1 byte: so, if you used tapes that stored say 1
Terrabyte (only 2^40) per tape you'd still need 2^24 = 16 million of those
tapes. That would be a large robotic tape changer!
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest
More information about the rc5