Careful with subkeys - Re: Hi again, and an invitation to kibitz

Peter M Allan peter.allan at aeat.co.uk
Wed Jan 15 10:14:29 PST 1997




Amanda Walker wrote:

>  I'm considering DES-EDE (the easy option), Blowfish (also pretty easy),
>  or the DES variant Bruce Schneier describes in Applied Cryptography, 2nd ed.
>  (the one with independent subkeys).


This might be a bad idea.  Rumor has it that independent subkeys
are eaten alive by related-key attacks (not very practical usually).
I think I saw this in a post by Matt Blaze about last November on coderpunks.

That post suggested 2 key schedule strategies:

1)  planned, like DES, by people who know how a particular schedule
    affects related-key attacks

2)  scrambled, like Turtle & Blowfish, so that key bits all depend on
    each other in a messy way

I mark the margin of my AC book with snippets like this.
I don't seem to have kept the post in question.


 -- Peter Allan    peter.allan at aeat.co.uk
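
The structural difference between an independent-subkey schedule and a "scrambled" one can be seen by flipping one key bit and counting which round subkeys change. This is an added illustration, not part of the original post or of any cipher's real code: the sizes follow DES (16 rounds, 48-bit subkeys, so 768 key bits when the subkeys are independent), and `scrambled_schedule` uses SHA-256 purely as an assumed stand-in for a schedule in which every subkey depends on every key bit; it is not the Blowfish or Turtle schedule.

```python
import hashlib

ROUNDS = 16                              # DES round count
SUBKEY_BITS = 48                         # DES round-subkey width
STEP = SUBKEY_BITS // 8                  # bytes per subkey
KEY_BYTES = ROUNDS * STEP                # 96 bytes = 768 bits

def independent_schedule(key):
    """The key is just the 16 round subkeys laid end to end."""
    if len(key) != KEY_BYTES:
        raise ValueError("independent-subkey key must be 768 bits")
    return [int.from_bytes(key[r * STEP:(r + 1) * STEP], "big")
            for r in range(ROUNDS)]

def scrambled_schedule(key):
    """Stand-in (assumption): each subkey is a hash of the whole key
    plus the round number, so all key bits feed every subkey."""
    return [int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:STEP], "big")
            for r in range(ROUNDS)]

def flip_bit(key, bit):
    """Return a copy of key with one bit inverted (bit 0 = MSB of byte 0)."""
    out = bytearray(key)
    out[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(out)

def subkey_differences(schedule, key, bit):
    """Hamming distance per round between the subkeys of key and of
    key-with-one-bit-flipped."""
    a, b = schedule(key), schedule(flip_bit(key, bit))
    return [bin(x ^ y).count("1") for x, y in zip(a, b)]

def rounds_affected(schedule, key, bit):
    """How many rounds see a different subkey after the one-bit change."""
    return sum(1 for d in subkey_differences(schedule, key, bit) if d)

# Constructed sample key, for illustration only.
SAMPLE_KEY = bytes(range(KEY_BYTES))

if __name__ == "__main__":
    for name, sched in (("independent", independent_schedule),
                        ("scrambled", scrambled_schedule)):
        diffs = subkey_differences(sched, SAMPLE_KEY, 100)
        print(f"{name:12s} rounds changed: {sum(1 for d in diffs if d):2d}  "
              f"bits changed per round: {diffs}")
```

With independent subkeys a one-bit key difference stays confined to a single bit of a single round's subkey, so any relation between two keys is directly a relation between their subkeys; in the scrambled stand-in the same one-bit change alters every round's subkey unpredictably.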






More information about the cypherpunks-legacy mailing list