encrypted email software

uri at watson.ibm.com uri at watson.ibm.com
Sun Jul 11 14:44:38 PDT 1993


Mark Eichin says:
> >> While longer key indeed offers little protection against attacks
> >> like differential cryptanalysis - it's hard to argue that it can
> >> blow brute-force attack out of the water...
> 	But isn't the idea differential cryptanalysis *can* blow
> brute-force out of the water if the algorithm is sensitive to it, and
> the symmetries that could be introduced by 64-bit DES keying might
> have made it thus sensitive. It isn't just that extra key "offers
> little protection", it might actually *weaken* the algorithm. (No, I'm
> not an expert on DES, but I've followed the net, read the FIPS, read
> Biham-Shamir, and thought about it a bit for myself.)

Well, to the best of my knowledge, "sliding attack" does NOT
care about the length of a key - because it deduces the
subkeys DIRECTLY. This means - one doesn't WEAKEN an
algorithm by increasing the key length, it just
doesn't help against "sliding attack"...

And in order to pull out this "sliding attack" one HAS to
have either enough of PLAINTEXT-CIPHERTEXT pairs, or even
better - to be able to run CHOSEN-PLAINTEXT attack.   How
much are you afraid of such an attack against your e-mail?
[Assuming you use one-time RSA-encrypted DES key, of
course :-]
--
Regards,
Uri         uri at watson.ibm.com      scifi!angmar!uri 	N2RIU
-----------
<Disclamer>


>From cypherpunks-request  Sun Jul 11 20:17:07 1993





More information about the cypherpunks-legacy mailing list