[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: EFF misstatements in DeCSS brief
In <v04210107b49ec5fed054@[63.193.122.223]>, Martin Minow <[email protected]>
wrote:
> Not being a skilled cryptanalyst, I defer to others to determine
> the difficulty represented by 4 GB of plaintext/cyphertext,
> a 40 bit key, and the economic/technical constraints on consumer
> hardware.
A trivial example where even arbitrary amounts of plaintext+ciphertext
plus knowledge of a 40-bit key will not help:
Let the cipher be a modified version of AES in the mode where it uses a
256 bit key. It is modified to have 216 bits of the 256 be a built-in,
fixed (but high-entropy) value. The resulting cipher uses a 40-bit key
which is concatenated with the fixed 216 bits to produce the 256 bit key
for AES.
Without access to the encrypt/decrypt code, there is no way any
cryptanalyst can break this cipher given even 4GB of plaintext+ciphertext
and the 40 bit key.
Granted, the CSS cipher is much weaker than AES, but even there it would
be extremely challenging to deduce the cipher structure, along with its
weaknesses, given only the data and key.