17 Dec
2003
17 Dec
'03
11:17 p.m.
More interesting, though, is this: why would a block cipher use key bits rather than an LFSR to do input or output whitening? Is it strictly a performance issue? Is it proven that doing this doesn't leak key bits in some way?
Mike
In many newer block ciphers, the key schedule comes from a fairly good one way hash of the key. Take a look at RC6, or TwoFish. Essentially this accomplishes the same thing as using a good LSFR. Harv.