When using DES to encrypt email addresses, the total amount of data to be encrypted would be only 3 or 4 eight-byte DES blocks. My question is: Would CBC or CFB really be effective for such a small amount of data? Or would it be better to encrypt multiple times with transpositions in between (i.e. '4x3' DES as was described earlier in cypherpunks)?
Second question: The DES code that I have (not written by me) has a comment section which describes filling all 16 subkeys separately, thereby allowing a 128 byte key. Is there any significant advantage to doing this? Is there any reason that I should not do it?
What is the purpose of the initial and final permutations?
> Second question: The DES code that I have (not written by me) has a comment section which describes filling all 16 subkeys separately, thereby allowing a 128 byte key. Is there any significant advantage to doing this? Is there any reason that I should not do it?
That sounds like my code. That feature seemed like a good thing to do at the time. Then I learned about differential cryptanalysis. No, you cannot strengthen DES in this way, and in fact you could actually weaken it unless you are sure to use 128 completely random bytes for your key.
> What is the purpose of the initial and final permutations?
Mainly to sabotage the performance of DES software implementations. Even back then the government knew it was much easier to control the dissemination of hardware than software.
Phil
Phil Karn wrote:
> That sounds like my code.
Yup. :)
> That feature seemed like a good thing to do at the time. Then I learned about differential cryptanalysis.
Seven years is a virtual eternity in cyberspace.
> No, you cannot strengthen DES in this way, and in fact you could actually weaken it unless you are sure to use 128 completely random bytes for your key.
Okay... It would prevent brute-force attacks though, wouldn't it? It may not prevent differential cryptanalysis, but it would be difficult to obtain the large amount of data required for differential cryptanalysis from just a few encrypted email addresses. Random numbers aren't really a problem; I have a RNG running here, continuously generating random numbers from system usage statistics and incoming email.
P.S. What's KA9Q?
Phil Karn says:
>> Second question: The DES code that I have (not written by me) has a comment section which describes filling all 16 subkeys separately, thereby allowing a 128 byte key. Is there any significant advantage to doing this? Is there any reason that I should not do it?
> That sounds like my code. That feature seemed like a good thing to do at the time. Then I learned about differential cryptanalysis. No, you cannot strengthen DES in this way, and in fact you could actually weaken it unless you are sure to use 128 completely random bytes for your key.
Phil is wrong, and yes, you can strengthen DES by choosing completely independent subkeys, rather than generating the subkeys with a known algorithm from a 56-bit "seed". However, the additional strength will mostly go towards foiling brute-force attacks. Note that it will take about 2^60 chosen plaintexts instead of 2^47 to mount a differential cryptanalysis attack, and also linear cryptanalysis is somewhat hampered by using subkeys independently generated.
>> What is the purpose of the initial and final permutations?
> Mainly to sabotage the performance of DES software implementations. Even back then the government knew it was much easier to control the dissemination of hardware than software.
Wrong. Pure hardware requirements - nothing so subtle as to "complicate" software implementation, simply peculiarity of that day hardware... Trust me! (:-)
--
Regards,
Uri uri@watson.ibm.com scifi!angmar!uri N2RIU
-----------
<Disclaimer>
From owner-cypherpunks Tue Mar 1 06:58:15 1994
participants (3): Matthew J Ghio, Phil Karn, uri@watson.ibm.com