17 Dec
2003
17 Dec
'03
11:17 p.m.
Karl Lui Barrus says:
So maybe it's only of theoretical interest, sort of like differential cryptanalysis against the DES - which requires 10^47 chosen plaintexts.
Why don't you mail Biham and Shamir that their method sucks. It's fairly infeasible as well.
It *IS* infeasable, and they realize it. The breakthrough was differential cryptanalysis itself, and the discovery that DES was fairly resistant to it. The fact that they made ANY crack in it was kind of neat, by the way. A huge number of chosen plaintexts is of course pretty much not possible in practice, especially since you might not get any chosen plaintexts at all! Perry