From: eichin@cygnus.com (Mark Eichin)
To: mike@EGFABT.ORG
Message Hash: 6a21529a22e02851e4bfb910784480aca4f1c339df549219692036b0d3215c64
Message ID: <9307092304.AA14157@cygnus.com>
Reply To: <k0XF7B1w165w@EGFABT.ORG>
UTC Datetime: 1993-07-09 23:04:58 UTC
Raw Date: Fri, 9 Jul 93 16:04:58 PDT
From: eichin@cygnus.com (Mark Eichin)
Date: Fri, 9 Jul 93 16:04:58 PDT
To: mike@EGFABT.ORG
Subject: encrypted email software
In-Reply-To: <k0XF7B1w165w@EGFABT.ORG>
Message-ID: <9307092304.AA14157@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain
>> it and came to the conclusion that it was secure, though questions are
>> still around about why it was changed from 64 bit to 56 bit, ...
Didn't someone figure out a way that the 64 bit version would
be more vulnerable to differential cryptanalysis (which was known to
IBM as the "sliding attack" back when DES was being developed) than
the 56 bit one was? And I've heard indications that the predecessor
"Lucifer" at 128 bits had some trivial "meet-in-the-middle" attack
that left it at least as weak as 64 bits.
The only "backdoor" concept I've heard which had a technical
basis behind it was a few years back, when some researcher figured out
a way to *produce* S-boxes with particular types of holes, and
concluded that it was impossible to identify if the holes where there
or not unless you knew the precise formulation... I think it even had
a two-of-three challenge, ie, published 3 sets of s-boxes, one or two
of which were "trapped" in this way, as a challenge for people to find
methods of locating them. (The technical basis stops there -- the
psychological or political question that follows is "did NSA/IBM know
about this technique? Assuming they did, did they choose the s-boxes
with or without holes?")
_Mark_ <eichin@athena.mit.edu>
MIT Student Information Processing Board
Cygnus Support <eichin@cygnus.com>
Return to July 1993
Return to “uri@watson.ibm.com”