From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: 88f6adedad0f2c62e934771b1ee1ecd4129ebc19da656da55b56fe672d81bfdd
Message ID: <199806250705.JAA31711@basement.replay.com>
Reply To: N/A
UTC Datetime: 1998-06-25 07:04:49 UTC
Raw Date: Thu, 25 Jun 1998 00:04:49 -0700 (PDT)
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 25 Jun 1998 00:04:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Skipjack extensibility
Message-ID: <199806250705.JAA31711@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain
NSA made a claim that Skipjack couldn't be extended past 80 bits of key. Most
plausible explanation to my mind is that they're lying. Second is that there is
an attack against a class of Skipjack-like ciphers that requires only a few
plaintexts and 2^80 operations. Third is that some common key-lengthening
tricks like those for 2-key-3DES, DES-X, and DEAL fail when applied to
Skipjack. I can hardly fathom one resistant to all three, but I guess it's
possible with NSA.
Seems to me that you could always figure out some construct so that no
practically-secure cipher with Skipjack's observable properties could evade
having its key lengthened with much probability. Or maybe not. IANAC.
Besides, it's impossible to make a cipher that can't be used to construct
constructs with bigger key lengths: Skipjack(cryptovariable, IDEA(key,
plaintext)) -- terminology jab intended -- provably has an effective key length
as long as IDEA's. Even if that is cheating...
Return to June 1998
Return to “nobody@REPLAY.COM (Anonymous)”