DES Cryptanalysis

I'm looking for pointers, or perhaps an explanation of the statement I found in Applied Cryptography (section 9.6) where it implies that if the IV is not unique in CFB mode, the cryptanalyst can recover the plaintext. The reason that this interests me is that I have a file, encrypted with DES in CFB mode. I believe I know the first 8 bytes of plaintext and I also know the IV used. While it'd be nice to decrypt this file, I don't know that it'd be worth brute forcing the key, even if the spare cycles to do it were available. Any pointers to any pertinent information would be appreciated.

Thanks.

-- 
Kevin L. Prigge          | "A computer lets you make more mistakes faster
UofM Central Computing   |  than any invention in human history--with the
email: klp@umn.edu       |  possible exceptions of handguns and tequila."
01001001110101100110001  |  - Mitch Ratcliffe

Kevin L. Prigge writes:
> I'm looking for pointers, or perhaps an explanation of the statement I found in Applied Cryptography (section 9.6) where it implies that if the IV is not unique in CFB mode, the cryptanalyst can recover the plaintext.
> The reason that this interests me is that I have a file, encrypted with DES in CFB mode. I believe I know the first 8 bytes of plaintext and I also know the IV used.

I don't believe you have much cause for hope here. The IV usually accompanies the ciphertext in the clear. Knowing the first 8 bytes of plaintext gives you precious little additional information in CFB mode, for the purposes of decryption. (It looks like you might be able to reconstruct the ciphertext of the encrypted IV, giving you a single plaintext/ciphertext pair, but that's about it....)

Generally it's advisable to use a different IV for each encryption to avoid correlations between the ciphertexts for plaintexts that have the same prefix. If you always used the same IV, then two messages that start with the same text would encrypt to the same initial piece of ciphertext. (This is not the only reason, but I think it's the main one.)

-Futplex <futplex@pseudonym.com>
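The two effects Futplex describes can be checked directly. The following is an added example, not code from either poster: it implements 64-bit CFB (full-block feedback, 8-byte blocks as for DES) and shows that (a) knowing the first 8 bytes of plaintext recovers E_K(IV), i.e. exactly one known pair (IV, E_K(IV)), which is the "ciphertext of the encrypted IV" in the reply, and (b) two messages encrypted under the same key and IV produce identical ciphertext for as long as their plaintexts agree, and leak P1 XOR P2 for the whole block in which they first differ. CFB only ever runs the block cipher forwards, so a keyed hash truncated to 8 bytes stands in for DES's forward function here; that stand-in, the key, the IV and the sample messages are all constructed for the example and are assumptions, not anything from the original thread.

```python
import hashlib
from typing import Callable

BLOCK = 8  # DES block size; this is 64-bit CFB with full-block feedback


def stand_in_block_cipher(key: bytes) -> Callable[[bytes], bytes]:
    """Stand-in for DES's forward function E_K (assumption: not DES itself).

    CFB never needs the inverse of the block cipher, so any keyed
    pseudo-random function on 8-byte blocks exhibits the same structure.
    """
    def e(block: bytes) -> bytes:
        if len(block) != BLOCK:
            raise ValueError("block must be exactly 8 bytes")
        return hashlib.sha256(key + block).digest()[:BLOCK]
    return e


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(e, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = P_i XOR E_K(C_{i-1}), with C_0 = IV."""
    out, feedback = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        c = xor(plaintext[i:i + BLOCK], e(feedback))
        out += c
        feedback = c  # a trailing short block is the last one, so it is never fed back
    return bytes(out)


def cfb_decrypt(e, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i XOR E_K(C_{i-1}); only the forward cipher is used."""
    out, feedback = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += xor(c, e(feedback))
        feedback = c
    return bytes(out)


def recover_encrypted_iv(known_pt: bytes, ct: bytes) -> bytes:
    """Known first block of plaintext gives E_K(IV) = P_1 XOR C_1.

    That is the single (IV, E_K(IV)) pair from the reply; every later keystream
    block is E_K(previous ciphertext block), which still requires the key.
    """
    return xor(known_pt[:BLOCK], ct[:BLOCK])


def common_prefix_len(a: bytes, b: bytes) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def iv_reuse_leak(e, iv: bytes, m1: bytes, m2: bytes):
    """Encrypt two messages under the same key and IV.

    Returns (shared ciphertext prefix length, and, for the block in which the
    plaintexts first differ, whether C1 XOR C2 equals P1 XOR P2 there).
    """
    c1, c2 = cfb_encrypt(e, iv, m1), cfb_encrypt(e, iv, m2)
    first_diff = common_prefix_len(m1, m2)
    blk = (first_diff // BLOCK) * BLOCK
    # Same IV and same plaintext up to this block means the same keystream
    # block here, so the XOR of the two ciphertext blocks is the plaintext XOR.
    leaks = xor(c1[blk:blk + BLOCK], c2[blk:blk + BLOCK]) == xor(m1[blk:blk + BLOCK], m2[blk:blk + BLOCK])
    return common_prefix_len(c1, c2), leaks


if __name__ == "__main__":
    # Constructed sample key, IV and messages (assumptions for this example).
    e = stand_in_block_cipher(b"8bytekey")
    iv = bytes(range(1, 9))
    m1 = b"Subject: secret plan A"
    m2 = b"Subject: secret plan B"
    ct = cfb_encrypt(e, iv, m1)
    print("round trip ok:", cfb_decrypt(e, iv, ct) == m1)
    print("E_K(IV) from known first block:", recover_encrypted_iv(m1[:8], ct) == e(iv))
    print("shared prefix / plaintext-xor leak under reused IV:", iv_reuse_leak(e, iv, m1, m2))
```

With a fresh IV per message the two ciphertexts diverge from the first block, which is the reason given in the reply for never reusing one; with the reused IV the common 21-byte prefix of the messages shows up as a 21-byte common prefix of the ciphertexts, and the third block leaks the XOR of the two plaintexts.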