From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sun, 10 Sep 95 08:12:45 PDT
To: cypherpunks@toad.com
Subject: 64 bit crypto
Message-ID: <199509101504.IAA04932@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



Say that we wanted to use 80 bit RC4 for our crypto application, but we were
only allowed to use 64 bit crypto because we lived in some police state that
enforced its wishes.   Couldn't we modify RC4 easily to provide the same
security against brute-force attacks by just running the key-setup phase
65536 times instead of just once?  That would slow down the key-setup (on
my machine) from 50,000 per second to just over 1 second, but so what?  It
takes ATT more than 1 second to set up a long distance call, I can wait
another second to start the conversation.

If our breaking of 40 bit RC4 was a one, then this 64 bit RC4-modified would
be a 109,951,162,776, well beyond possibilities that I can imagine.  You might
say that you could save all 2^64 key tables, but that is a huge amount of data,
millions of terabyte-capacity tapes.

In the GAK proceedings, I have never heard of any limitation on the algorithm,
just that it be public and 64 bits or less.  And, of course, have GAK.  Of
course, it wouldn't surprise me for this kind of technical fix to be
immediately outlawed by the aforementioned police state.


thad
-- Thaddeus Beier                   email:  thad@hammerhead.com
   Technology Development             vox:  408) 286-3376
   Hammerhead Productions             fax:  408) 292-8624