The copy of the source for idea (unix) that I have specifies a user key length of 8 bytes, but allows this to be increased to something larger. Will increasing the user keylength improve the overall security? Also, is it worth hashing the user key first, then using the hashed key as the key for encryption and decryption? Or am I wasting my time? Last thing -- how secure is unix "rm"? If something is rm'd, is it really really gone? Thanks..
> The copy of the source for idea (unix) that I have specifies a user key length of 8 bytes, but allows this to be increased to something larger. Will increasing the user keylength improve the overall security?
Umm, I think you are confused. First, IDEA has a keysize of 16 bytes, not 8. Second, it cannot be easily changed. Sure, your code probably has a #define for the keysize, but that is just to describe the magic number, not to make it easy to change it. Increasing the keylength of IDEA, without changing anything else, will probably _NOT_ make it more secure.
> Last thing -- how secure is unix "rm"? If something is rm'd, is it really really gone?
Well, it depends on what you mean by "really really gone". All RM does is remove the link from the directory entry to the file inode on disk. If the inode refcount reaches zero, then the disk blocks are marked as free. However the data in those blocks remain on disk until another file writes over them. It is theoretically possible to write a program to "unrm" a file.

-derek
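Added example, not part of the original thread: a small C program showing the behaviour described in the reply above, namely that unlink(2), the system call behind rm, removes only the directory entry and never overwrites the file's data. The scratch path and file contents are constructed for the demonstration, and the open descriptor stands in for "something still referencing the inode".

```c
#define _XOPEN_SOURCE 700   /* for mkstemp() and pread() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct unlink_result {
    long links_before;   /* st_nlink while the name still exists */
    long links_after;    /* st_nlink after unlink() */
    int  name_gone;      /* 1 if the path no longer resolves */
    char recovered[32];  /* bytes read back through the open descriptor */
};

/* Create a scratch file, unlink it the way rm does, then show that the
 * contents are still readable. Returns 0 on success, -1 on failure. */
int unlink_demo(struct unlink_result *r)
{
    char path[] = "/tmp/unlink_demo_XXXXXX";      /* constructed scratch name */
    const char sample[] = "constructed sample";   /* constructed contents */
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    memset(r, 0, sizeof *r);
    if (write(fd, sample, sizeof sample) != (ssize_t)sizeof sample) goto fail;
    if (fstat(fd, &st) != 0) goto fail;
    r->links_before = (long)st.st_nlink;
    if (unlink(path) != 0) goto fail;             /* the system call behind rm */
    if (fstat(fd, &st) != 0) goto fail;
    r->links_after = (long)st.st_nlink;           /* no names left */
    r->name_gone = (access(path, F_OK) != 0 && errno == ENOENT);
    /* fd still references the inode; unlink() never overwrote its blocks. */
    if (pread(fd, r->recovered, sizeof sample, 0) != (ssize_t)sizeof sample) goto fail;
    close(fd);
    return 0;
fail:
    close(fd);
    unlink(path);
    return -1;
}

int main(void)
{
    struct unlink_result r;
    if (unlink_demo(&r) != 0) { perror("unlink_demo"); return 1; }
    printf("links %ld -> %ld, name gone: %d, still readable: \"%s\"\n", r.links_before, r.links_after, r.name_gone, r.recovered);
    return 0;
}
```

Once the last descriptor is closed the blocks are only marked free, which is why removing sensitive data requires overwriting the contents before the name is unlinked.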
On Tue, 12 Dec 1995, Derek Atkins wrote:
> > The copy of the source for idea (unix) that I have specifies a user key length of 8 bytes, but allows this to be increased to something larger. Will increasing the user keylength improve the overall security?
> Umm, I think you are confused. First, IDEA has a keysize of 16 bytes, not 8. Second, it cannot be easily changed. Sure, your code probably
/******************************************************************************/
/*                                                                            */
/* I N T E R N A T I O N A L  D A T A  E N C R Y P T I O N  A L G O R I T H M */
/*                                                                            */
/******************************************************************************/
/* Author:       Richard De Moliner (demoliner@isi.ee.ethz.ch)                */
/*               Signal and Information Processing Laboratory                 */
/*               Swiss Federal Institute of Technology                        */
/*               CH-8092 Zuerich, Switzerland                                 */
/* Created:      April 23, 1992                                               */
/* Changes:      November 16, 1993 (support of ANSI-C and C++)                */
/* System:       SUN SPARCstation, SUN acc ANSI-C-Compiler, SUN-OS 4.1.3      */
/******************************************************************************/
/* Change this type definitions to the representations in your computer.      */

[snipped irrelevant bits]

/******************************************************************************/
/* It is possible to change this values.                                      */

#define Idea_nofRound                 8 /* number of rounds                   */
#define Idea_userKeyLen               8 /* user key length (8 or larger)      */

/******************************************************************************/
/* Do not change the lines below.                                             */

#define Idea_dataLen                       4 /* plain-/ciphertext block length*/
#define Idea_keyLen (Idea_nofRound * 6 + 4)  /* en-/decryption key length     */

#define Idea_dataSize       (Idea_dataLen * 2) /* 8 bytes = 64 bits           */
#define Idea_userKeySize (Idea_userKeyLen * 2) /* 16 bytes = 128 bits         */

[end cut out]

So what I'm reading here is: A) it is possible to change the value of the userkeylength, and B) the actual key is (2 * userkeylen) or in the case of an 8byte key, 2 * 8bytes = 16 bytes = 128bits. Maybe I'm crazy.
On Tue, 12 Dec 1995, Ben Holiday wrote:
> The copy of the source for idea (unix) that I have specifies a user key length of 8 bytes, but allows this to be increased to something larger. Will increasing the user keylength improve the overall security?
IDEA uses 128-bit keys. The program must do some XORing with the user key to expand it to 16 bytes. Therefore, I would guess that it would be more secure to use a longer key.
> Also, is it worth hashing the user key first, then using the hashed key as the key for encryption and decryption? Or am I wasting my time?
It probably isn't going to help with security at all if you plan to use a hexadecimal representation of the hash as is the common output of hashing programs. The best key would be one that uses random letters, numbers, and symbols.
> Last thing -- how secure is unix "rm"? If something is rm'd, is it really really gone?
Not very secure. I have heard that there is a Linux undelete and there might be a similar program for other Unices. If the hard drive is examined using special hardware, data will be recoverable. The data should be overwritten at least five times, maybe more depending on the level of security you want, before being deleted.

finger markm@voicenet.com for Public Key http://www.voicenet.com/~markm/ Key-ID: 0xF9B22BA5 Fingerprint: bd24d08e3cbb53472054fa56002258d5
participants (3): Ben Holiday, Derek Atkins, Mark M.