From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Wed, 15 Jan 1997 10:14:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Careful with subkeys - Re: Hi again, and an invitation to kibitz
Message-ID: <9701151814.AA10309@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




Amanda Walker wrote:

>  I'm considering DES-EDE (the easy option), Blowfish (also pretty easy),
>  or the DES variant Bruce Schneier describes in Applied Cryptography, 2nd ed.
>  (the one with independent subkeys).


This might be a bad idea.  Rumor has it that independent subkeys
are eaten alive by related-key attacks (not very practical usually).
I think I saw this in a post by Matt Blaze about last November on coderpunks.

That post suggested 2 key schedule strategies:

1)  planned, like DES, by people who know how a particular schedule
    affects related-key attacks

2)  scrambled, like Turtle & Blowfish, so that key bits all depend on
    each other in a messy way

I mark the margin of my AC book with snippets like this.
I don't seem to have kept the post in question.


 -- Peter Allan    peter.allan@aeat.co.uk