1995-10-25 - Re: textbooks

Header Data

From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
To: patrick@verity.com (Patrick Horgan)
Message Hash: 7db74f6d2c5ced5125a20b8a6902391023d87665257cc660125d418d270774e8
Message ID: <199510250308.DAA01044@orchard.medford.ma.us>
Reply To: <9510242121.AA07455@cantina.verity.com>
UTC Datetime: 1995-10-25 03:17:57 UTC
Raw Date: Tue, 24 Oct 95 20:17:57 PDT

Raw message

From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
Date: Tue, 24 Oct 95 20:17:57 PDT
To: patrick@verity.com (Patrick Horgan)
Subject: Re: textbooks
In-Reply-To: <9510242121.AA07455@cantina.verity.com>
Message-ID: <199510250308.DAA01044@orchard.medford.ma.us>
MIME-Version: 1.0
Content-Type: text/plain


I meant to bring this up with Charlie Kaufman and Radia Perlman when I
got the book, but never got around to it..

The following line of thinking was inspired by the NSA "patch" to SHA:
the addition of a rotate-left-one-bit operation to each round of SHA,
which yields faster mixing between values in bit positions within the
input.

> The quick proof of why the initial and final permutations add nothing to 
> the security of DES is presented in an informal and quite obvious sidebar.

Actually, I found the proof not completely convincing.  It's really a
proof that it doesn't strengthen the DES against a *known plaintext*
attack, but there are other weaker attacks it may make marginally more
difficult (or easier..); for instance, partially-known plaintext or
some forms of verifiable plaintext.

The FP/IP don't add *much* security, but I'm not about to say that
they add *no* security.

> The comment is made that by the same argument the permutation of the key
> in the generating of per-round keys also adds nothing to security.

Again, their proof assumed that all the bits of the key are
independent and unbiased -- which they will be if you're careful, but
won't be if you're stupid.

Remember that the NSA designs ciphers for use by people with a high
school diploma or less :-).

					- Bill
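
The SHA "patch" referred to above is the rotate-left-one-bit that FIPS 180-1 (SHA-1) added to the message schedule, W[t] = ROTL1(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]), where the original SHA had no rotate. The following script is an added illustration, not part of the message or the archive: it expands the same two 16-word blocks (constructed here, differing in a single bit) under both schedules and reports which bit positions of the 80-word schedule end up differing. Without the rotate a difference in bit column 5 never leaves column 5; with it the difference walks across the word.

```python
# Added example: effect of the SHA-1 rotate-left-one-bit on the message schedule.
# Only the 16 -> 80 word expansion is implemented; the compression rounds are not.

MASK32 = 0xFFFFFFFF


def rotl32(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def expand(block_words, rotate):
    """Expand 16 message words into the 80-word schedule.

    rotate=False: the original SHA (SHA-0) schedule, plain XOR.
    rotate=True:  the SHA-1 schedule from FIPS 180-1, XOR then ROTL1.
    """
    if len(block_words) != 16:
        raise ValueError("a block is 16 32-bit words")
    w = list(block_words)
    for t in range(16, 80):
        x = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]
        w.append(rotl32(x, 1) if rotate else x)
    return w


def schedule_diff(block_a, block_b, rotate):
    """Compare the schedules of two blocks.

    Returns (diff_words, changed_count, columns): the per-word XOR difference,
    how many of the 80 words differ, and the set of bit positions (0 = LSB)
    that differ in at least one word.
    """
    diff = [a ^ b for a, b in zip(expand(block_a, rotate), expand(block_b, rotate))]
    changed = sum(1 for d in diff if d)
    columns = {i for d in diff for i in range(32) if (d >> i) & 1}
    return diff, changed, columns


# Constructed sample input (not real data): 16 arbitrary words, and a copy
# with bit 5 of word 0 flipped.
BLOCK_A = [(0x9E3779B9 * (i + 1)) & MASK32 for i in range(16)]
BLOCK_B = list(BLOCK_A)
BLOCK_B[0] ^= 1 << 5


def compare():
    """Run both schedules on the sample blocks and return the column sets."""
    _, n0, cols0 = schedule_diff(BLOCK_A, BLOCK_B, rotate=False)
    _, n1, cols1 = schedule_diff(BLOCK_A, BLOCK_B, rotate=True)
    return {"sha0": (n0, sorted(cols0)), "sha1": (n1, sorted(cols1))}


if __name__ == "__main__":
    for name, (n, cols) in compare().items():
        print(f"{name}: {n} of 80 schedule words differ, in bit columns {cols}")
```

The SHA-0 result is the structural fact behind the patch: with XOR alone the expansion is linear over GF(2) within each bit column, so a one-bit message difference can only ever produce differences in that same column, which is what makes differential paths through the schedule easy to control.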

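The sidebar argument about the DES initial and final permutations, as an added worked example (not part of the message): IP and FP are fixed, public, and FP = IP^-1, so anyone holding known (plaintext, ciphertext) pairs for the full cipher can turn them into pairs for the keyless-permutation-free core by applying IP to the plaintexts and IP to the ciphertexts (since FP^-1 = IP), with no key material involved. The script below uses the real FIPS 46 IP table and derives FP from it; the 16 Feistel rounds are replaced by a stand-in keyed 64-bit bijection, which is an assumption made here to keep the example short and does not affect the argument, since it holds for any core.

```python
# Added example: stripping DES's IP/FP from known-plaintext pairs.
# IP is the FIPS 46 initial permutation, 1-based: output bit i is input bit IP[i-1].
IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]

MASK64 = (1 << 64) - 1


def invert(table):
    """Inverse of a 1-based permutation table."""
    inv = [0] * len(table)
    for out_pos, in_pos in enumerate(table, start=1):
        inv[in_pos - 1] = out_pos
    return inv


FP = invert(IP)  # the final permutation is IP's inverse (matches the FIPS 46 IP^-1 table)


def permute(x, table):
    """Apply a 64-entry 1-based bit permutation; bit 1 is the MSB, as in FIPS 46."""
    y = 0
    for out_pos, in_pos in enumerate(table, start=1):
        bit = (x >> (64 - in_pos)) & 1
        y |= bit << (64 - out_pos)
    return y


def core(key, x):
    """Stand-in for the 16 DES rounds (assumption: NOT DES).

    Any keyed 64-bit bijection serves the argument; XOR with the key followed by
    multiplication by an odd constant mod 2^64 is invertible.
    """
    return ((x ^ key) * 0x9E3779B97F4A7C15) & MASK64


def encrypt(key, plaintext):
    """Full cipher shape: FP(core(IP(P)))."""
    return permute(core(key, permute(plaintext, IP)), FP)


def strip_ip_fp(pairs):
    """Turn (P, C) pairs for the full cipher into (P', C') pairs for the core.

    P' = IP(P) and C' = FP^-1(C) = IP(C). Both tables are public, so an attacker
    needs nothing beyond the pairs themselves.
    """
    return [(permute(p, IP), permute(c, IP)) for p, c in pairs]


def reduction_holds(key, plaintexts):
    """True if every stripped pair is a valid known-plaintext pair for the core."""
    pairs = [(p, encrypt(key, p)) for p in plaintexts]
    return all(core(key, p2) == c2 for p2, c2 in strip_ip_fp(pairs))


# Constructed sample key and plaintexts (not real data).
KEY = 0x0123456789ABCDEF
PLAINTEXTS = [0, 0x0123456789ABCDEF, 0xFFFFFFFFFFFFFFFF, 0x8000000000000001]

if __name__ == "__main__":
    print("FP starts", FP[:8])
    print("known-plaintext reduction holds:", reduction_holds(KEY, PLAINTEXTS))
```

This is exactly why the permutations buy nothing against a known-plaintext attacker: the reduction costs one table lookup per pair and the attack on the core proceeds unchanged. The message's point that the picture could differ for partially-known or verifiable plaintext is a separate question that this reduction does not address.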