From: Raph Levien <raph@acm.org>
Date: Sat, 19 Sep 1998 23:26:55 +0800
To: cypherpunks@Algebra.COM
Subject: Re: Repost in text: IDEA(tm) weakness
In-Reply-To: <199809200116.DAA28107@replay.com>
Message-ID: <360484E7.11556EA4@acm.org>
MIME-Version: 1.0
Content-Type: text/plain



A quick review reveals that this is clearly another "PGP is broken"
hoax. The author is assuming that IDEA's * operation has a nonuniform
distribution of outputs given a uniform distribution of inputs. Since it
is taken mod 65537 (a prime), this is simply not the case - for constant
x, x * y mod 65537 is a permutation over y. Everything else flows from
this flawed assumption.

The rest of the post is silly as well. "Not tested on real PGP data
because I couldn't find where the IDEA data starts." Very funny, this
info is quite accessible. Also, posting the technique but witholding the
code is ridiculous. If the technique worked, it would get implemented
within hours.

Oh well. It was exciting for a minute or two.

Raph