From: "Harvey Rook (Exchange)" <hrook@exchange.microsoft.com>
Date: Wed, 28 Oct 1998 09:26:04 +0800
To: "'Michael Motyka'" <cypherpunks@toad.com
Subject: RE: No Subject
Message-ID: <2FBF98FC7852CF11912A0000000000010D19AD2A@DINO>
MIME-Version: 1.0
Content-Type: text/plain



> More interesting, though, is this: why would a block cipher 
> use key bits
> rather than an LFSR to do input or output whitening? Is it strictly a
> performance issue? Is it proven that doing this doesn't leak 
> key bits in
> some way?
> 
> Mike
> 

In many newer block ciphers, the key schedule comes from a fairly good one
way hash of the key. Take a look at RC6, or TwoFish. Essentially this
accomplishes the same thing as using a good LSFR.

Harv.