[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DES Question
Phil Karn wrote:
> That sounds like my code.
Yup. :)
> That feature seemed like a good thing to do at the time. Then I
> learned about differential cryptanalysis.
Seven years is a virtual eternity in cyberspace.
> No, you cannot strengthen DES in this way, and in fact you
> could actually weaken it unless you are sure to use 128
> completely random bytes for your key.
Okay... It would prevent brute-force attacks though, wouldn't it? It
may not prevent differential cryptanalysis, but it would be difficult to
obtain the large amount of data required for differential cryptanalysis
from just a few encrypted email addresses. Random numbers aren't really
a problem; I have a RNG running here, continuously generating random
numbers from system usage statistics and incoming email.
P.S. What's KA9Q?