DES Question

uri at watson.ibm.com
Tue Mar 1 06:57:40 PST 1994



Phil Karn says:
> >Second question: The DES code that I have (not written by me) has a
> >comment section which describes filling all 16 subkeys separately,
> >thereby allowing a 128 byte key.  Is there any significant advantage to
> >doing this?  Is there any reason that I should not do it?
> That sounds like my code. That feature seemed like a good thing to do
> at the time. Then I learned about differential cryptanalysis. No, you
> cannot strengthen DES in this way, and in fact you could actually
> weaken it unless you are sure to use 128 completely random bytes for
> your key.

Phil is wrong and yes you can strengthen DES by choosing completely
independent subkeys, rather than generating the subkeys with known
algorithm from 56-bit "seed".

However, the additional strength will mostly go towards foiling
brute-force attacks.

Note, that it will take about 2^60 chosen plaintexts instead
of 2^47 to mount differential cryptanalysis attack, and also
linear cryptanalysis is somewhat hampered by using subkeys
independently generated.

> >What is the purpose of the initial and final permutations?
> Mainly to sabotage the performance of DES software implementations.
> Even back then the government knew it was much easier to control
> the dissemination of hardware than software.

Wrong. Pure hardware requirements - nothing so subtle as to
"complicate" software implementation, simply peculiarity of
that day hardware... Trust me! (:-)
--
Regards,
Uri         uri at watson.ibm.com      scifi!angmar!uri 	N2RIU
-----------
<Disclamer>


