Re: Fwd: Re: Quor's cypher
nobody@REPLAY.COM: (21 Sep 1997)
This is a really nifty encryption program. It runs about half the speed of rc4, but seems much more secure.
--- Forwarded Message:
From: quor@nym.alias.net
Subject: Re: tell me what you think of this...
[snip]
/* Qcypher.c */
[snip]
Has anybody got anything good against this? I can get about 1/32 of the state with a simple form of differential cryptanalysis, but can't see how to progress it beyond that.

My attack takes a long chunk of known text and looks for repetition.

ppppppppppppppp.11.pppppppppppppppppppppp
ccccccccccccccc.22.cccccccccccccccccccccc

When two neighbouring p-c pairs are the same you can test whether they have the same value of a and b. (That is a_n == a_n+1 and b_n == b+n+1, a != b usually.)

This involves 16 inputs to each byte - very cheap. What I really want next is to know "a". Because c is always known (it's only a counter) if you always knew "a" you'd have a handle on "b" because only 2 (predictable) elements of the state array change with each byte encrypted.

--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
Antonomasia <ant@notatla.demon.co.uk> wrote:
My attack takes a long chunk of known text and looks for repetition.
ppppppppppppppp.11.pppppppppppppppppppppp
ccccccccccccccc.22.cccccccccccccccccccccc
When two neighbouring p-c pairs are the same you can test whether they have the same value of a and b. (That is a_n == a_n+1 and b_n == b+n+1, a != b usually.)
This involves 16 inputs to each byte - very cheap. What I really want next is to know "a".
Wouldn't this only happen (on average) in one out of every 65536 p-c pairs? Since the state array is changed entirely with every 128 bytes encrypted, 1 out of 2^16 doesn't seem to help much.
participants (2): Antonomasia, nobody@REPLAY.COM