From: uri@watson.ibm.com
To: eichin@cygnus.com (Mark Eichin)
Message Hash: 2e7798570770806bb1d7d9675ca247862416b7171c3a2da4060a0cca5c41f8ec
Message ID: <9307112144.AA13032@buoy.watson.ibm.com>
Reply To: <9307110345.AA10983@cygnus.com>
UTC Datetime: 1993-07-11 21:44:38 UTC
Raw Date: Sun, 11 Jul 93 14:44:38 PDT
From: uri@watson.ibm.com
Date: Sun, 11 Jul 93 14:44:38 PDT
To: eichin@cygnus.com (Mark Eichin)
Subject: Re: encrypted email software
In-Reply-To: <9307110345.AA10983@cygnus.com>
Message-ID: <9307112144.AA13032@buoy.watson.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain
Mark Eichin says:
> >> While longer key indeed offers little protection against attacks
> >> like differential cryptanalysis - it's hard to argue that it can
> >> blow brute-force attack out of the water...
> But isn't the idea differential cryptanalysis *can* blow
> brute-force out of the water if the algorithm is sensitive to it, and
> the symmetries that could be introduced by 64-bit DES keying might
> have made it thus sensitive. It isn't just that extra key "offers
> little protection", it might actually *weaken* the algorithm. (No, I'm
> not an expert on DES, but I've followed the net, read the FIPS, read
> Biham-Shamir, and thought about it a bit for myself.)
Well, to the best of my knowledge, "sliding attack" does NOT
care about the length of a key - because it deduces the
subkeys DIRECTLY. This means - one doesn't WEAKEN an
algorithm by increasing the key length, it just
doesn't help against "sliding attack"...
And in order to pull out this "sliding attack" one HAS to
have either enough of PLAINTEXT-CIPHERTEXT pairs, or even
better - to be able to run CHOSEN-PLAINTEXT attack. How
much are you afraid of such an attack against your e-mail?
[Assuming you use one-time RSA-encrypted DES key, of
course :-]
--
Regards,
Uri uri@watson.ibm.com scifi!angmar!uri N2RIU
-----------
<Disclamer>
From cypherpunks-request Sun Jul 11 20:17:07 1993
Return to July 1993
Return to “uri@watson.ibm.com”