[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: textbooks

To: [email protected] (Patrick Horgan)
Subject: Re: textbooks
From: Bill Sommerfeld <[email protected]>
Date: Tue, 24 Oct 1995 23:07:30 -0400
Cc: [email protected], [email protected]
In-Reply-To: Your message of "Tue, 24 Oct 1995 14:21:37 -0700 ." <[email protected]>
Sender: [email protected]

I meant to bring this up with Charlie Kaufman and Radia Perlman when I
got the book, but never got around to it..

The following line of thinking was inspired by the NSA "patch" to SHA:
the addition of a rotate-left-one-bit operation to each round of SHA,
which yields faster mixing between values in bit positions within the
input.

> The quick proof of why the initial and final permutations add nothing to 
> the security of DES is presented in an informal and quite obvious sidebar.

Actually, I found the proof not completely convincing.  It's really a
proof that it doesn't strengthen the DES against a *known plaintext*
attack, but there are other weaker attacks it may make marginally more
difficult (or easier..); for instance, partially-known plaintext or
some forms of verifiable plaintext.

The FP/IP don't add *much* security, but I'm not about to say that
they add *no* security.

> The comment is made that by the same argument the permutation of the key
> in the generating of per-round keys also adds nothing to security.

Again, their proof assumed that all the bits of the key are
independant and unbiased -- which they will be if you're careful, but
won't be if you're stupid.

Remember that the NSA designs ciphers for use by people with a high
school diploma or less :-).

					- Bill

References:
- Re: textbooks
  - From: [email protected] (Patrick Horgan)

Prev by Date: Re: Netscape Logic Bomb detailed by IETF
Next by Date: Quick commercial package question
Prev by thread: Re: textbooks
Next by thread: Re: textbooks
Index(es):
- Date
- Thread