17 Dec
2003
17 Dec
'03
11:17 p.m.
Hal <hfinney@shell.portal.com> writes: It is possible I suppose that the F and G boxes are not the ones used in the "real" version of whatever cipher this is, so this apparent weakness and the ones which Matt has pointed out may not be that significant.
To the extent that one can believe the comments, it's more than "possible": they say that the F and G boxes differ in the S-2 version. One reason for doing it this way might be to isolate the sensitive actual values from people doing analysis or development at a grosser level. That doesn't explain the [r] bug you spotted, of course. Jim Gillogly Sterday, 19 Wedmath S.R. 1995, 09:12