Re: Phil Zimmerman on 'The Death of DES'
Single DES is weak, for a known plaintext attack. I think we knew that. We didn't know how weak. We can extrapolate to an NSA machine with 1 second scan of all keys, perhaps. So -- 1. use triple DES 2. before using DES, XOR with a stream from a decent PRNG (destroying the known plaintext) 3. in between DES operations, mix bytes up as with tran (posted on sci.crypt occasionally, avbl from me by mail or on ripem.msu.edu) -- spreading bytes out within a huge block, further hiding any known text - Carl
I personally favor triple DES + IDEA. The notion is that if triple DES is weak maybe IDEA isn't, and vice versa -- you are no weaker than the strongest of the two systems. Perry Carl Ellison says:
Single DES is weak, for a known plaintext attack. I think we knew that. We didn't know how weak.
We can extrapolate to an NSA machine with 1 second scan of all keys, perhaps.
So --
1. use triple DES
2. before using DES, XOR with a stream from a decent PRNG (destroying the known plaintext)
3. in between DES operations, mix bytes up as with tran (posted on sci.crypt occasionally, avbl from me by mail or on ripem.msu.edu) -- spreading bytes out within a huge block, further hiding any known text
- Carl
Carl Ellison says:
3. in between DES operations, mix bytes up as with tran (posted on sci.crypt occasionally, avbl from me by mail or on ripem.msu.edu) -- spreading bytes out within a huge block, further hiding any known text
Can someone comment on the efficacy of this technique when used in conjunction with encryption modes other than ECB, and/or with the simple XOR "pre-scramble" technique? I agree that it "couldn't hurt", security-wise, but of course it does introduce a (slight) processing overhead. If it introduces no real additional security, I don't see the point. (Enlighten me!) (This for some reason reminds me of the way little kids tie shoes; they sometimes make enormous knots which, ultimately, are weaker than a simple bow.) -- Mike McNally
On Wed, 29 Sep 1993, Mike McNally wrote:
3. in between DES operations, mix bytes up as with tran (posted on sci.crypt occasionally, avbl from me by mail or on ripem.msu.edu) -- spreading bytes out within a huge block, further hiding any known text Can someone comment on the efficacy of this technique when used in conjunction with encryption modes other than ECB, and/or with the simple XOR "pre-scramble" technique? I agree that it "couldn't hurt", security-wise, but of course it does introduce a (slight) processing overhead. If it introduces no real additional security, I don't see
Carl Ellison says: the point. (Enlighten me!)
(This for some reason reminds me of the way little kids tie shoes; they sometimes make enormous knots which, ultimately, are weaker than a simple bow.)
One integrated large block cipher is much more secure than this kind of combination of ciphers, unless you repeat them in enough rounds to make a compound product cipher out of it. In other words, des | tran really isn't much stronger than des, but des|tran|des|tran|des|tran|des|tran... could be quite strong (not to mention slow). Mike Johnson Long live the U. S. Constitution!
participants (4)
-
cme@ellisun.sw.stratus.com -
m5@vail.tivoli.com -
Michael Johnson -
Perry E. Metzger