Thank you, Perry, for some good comments that were flame-free. I personally appreciate that, especially considering that your comments are both apropos and good food for thought. Doug
pmetzger@lehman.com said: Karl Lui Barrus says:
So maybe it's only of theoretical interest, sort of like differential cryptanalysis against the DES - which requires 10^47 chosen plaintexts.
Why don't you mail Biham and Shamir that their method sucks. It's fairly infeasible as well.
It *IS* infeasable, and they realize it. The breakthrough was differential cryptanalysis itself, and the discovery that DES was fairly resistant to it. The fact that they made ANY crack in it was kind of neat, by the way.
A huge number of chosen plaintexts is of course pretty much not possible in practice, especially since you might not get any chosen plaintexts at all!