
Re: textbooks



I meant to bring this up with Charlie Kaufman and Radia Perlman when I
got the book, but never got around to it..

The following line of thinking was inspired by the NSA "patch" to SHA:
the addition of a rotate-left-one-bit operation to each round of SHA,
which yields faster mixing between values in bit positions within the
input.

> The quick proof of why the initial and final permutations add nothing to 
> the security of DES is presented in an informal and quite obvious sidebar.

Actually, I found the proof not completely convincing.  It's really a
proof that it doesn't strengthen the DES against a *known plaintext*
attack, but there are other weaker attacks it may make marginally more
difficult (or easier..); for instance, partially-known plaintext or
some forms of verifiable plaintext.

The FP/IP don't add *much* security, but I'm not about to say that
they add *no* security.

> The comment is made that by the same argument the permutation of the key
> in the generating of per-round keys also adds nothing to security.

Again, their proof assumed that all the bits of the key are
independent and unbiased -- which they will be if you're careful, but
won't be if you're stupid.

Remember that the NSA designs ciphers for use by people with a high
school diploma or less :-).

					- Bill
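As an added illustration of the known-plaintext argument discussed above (not code from the message, the book, or DES), the following Python wraps a toy 16-bit Feistel cipher in a fixed, public initial permutation IP and final permutation FP, then runs an exhaustive known-plaintext key search two ways: directly against the wrapped cipher, and against the bare cipher after rewriting each pair (P, C) as (IP(P), FP^-1(C)). Both searches recover the same key with the same number of trial encryptions, which is exactly the scope of the sidebar's proof: it covers the known-plaintext case and says nothing about attacks where the plaintext is only partially known. The cipher, the 4-bit S-box choice (PRESENT's), the permutation tables and all function names are constructed for this example.

```python
"""Added example, not from the message, the book, or DES itself: a toy
16-bit block cipher wrapped in a fixed, public initial permutation (IP)
and final permutation (FP), and an exhaustive known-plaintext key search
showing that the wrapped cipher is no harder to attack than the bare one.
All names, the S-box choice (PRESENT's 4-bit S-box) and the permutation
tables are constructed for illustration."""
import random

BLOCK_BITS = 16
KEY_BITS = 8
# 4-bit S-box (from the PRESENT cipher), used only to make the round
# function non-linear.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def permute(x, table):
    """Bit permutation: output bit i takes input bit table[i] (bit 0 = LSB)."""
    y = 0
    for i, src in enumerate(table):
        if (x >> src) & 1:
            y |= 1 << i
    return y


def invert(table):
    """Inverse table, so permute(permute(x, t), invert(t)) == x."""
    inv = [0] * len(table)
    for i, src in enumerate(table):
        inv[src] = i
    return inv


# Constructed IP; FP is its inverse, as in DES.
IP = random.Random(1).sample(range(BLOCK_BITS), BLOCK_BITS)
FP = invert(IP)


def _round_fn(half, rk):
    t = half ^ rk
    t = (SBOX[t >> 4] << 4) | SBOX[t & 0xF]
    return ((t << 3) | (t >> 5)) & 0xFF   # rotate left 3 bits for diffusion


def toy_encrypt(block, key, rounds=4):
    """Bare cipher E_k: 4-round Feistel on two 8-bit halves, 8-bit key."""
    left, right = block >> 8, block & 0xFF
    for r in range(rounds):
        rk = ((key << r) | (key >> (KEY_BITS - r))) & 0xFF  # rotated round key
        left, right = right, left ^ _round_fn(right, rk)
    return (left << 8) | right


def wrapped_encrypt(block, key):
    """E'_k = FP . E_k . IP: the same cipher with DES-style outer permutations."""
    return permute(toy_encrypt(permute(block, IP), key), FP)


def recover_key(pairs, encrypt):
    """Exhaustive key search over known (plaintext, ciphertext) pairs.
    Returns (keys consistent with every pair, number of trial encryptions)."""
    candidates, trials = [], 0
    for k in range(1 << KEY_BITS):
        consistent = True
        for p, c in pairs:
            trials += 1
            if encrypt(p, k) != c:
                consistent = False
                break
        if consistent:
            candidates.append(k)
    return candidates, trials


def strip_permutations(pairs):
    """Rewrite pairs for E' as pairs for E: (IP(P), FP^-1(C)).  IP and FP are
    public and key-independent, so this costs the attacker nothing."""
    fp_inv = invert(FP)
    return [(permute(p, IP), permute(c, fp_inv)) for p, c in pairs]


def demo(true_key=0x5A, n_pairs=4, seed=7):
    """Attack E' directly and via the stripped pairs against bare E; both
    recover the key with identical work."""
    rng = random.Random(seed)
    pairs = [(p, wrapped_encrypt(p, true_key))
             for p in (rng.getrandbits(BLOCK_BITS) for _ in range(n_pairs))]
    direct, direct_trials = recover_key(pairs, wrapped_encrypt)
    via_bare, bare_trials = recover_key(strip_permutations(pairs), toy_encrypt)
    return {
        "key": true_key,
        "direct": direct, "direct_trials": direct_trials,
        "via_bare": via_bare, "bare_trials": bare_trials,
    }


if __name__ == "__main__":
    print(demo())
```

The equality of the two candidate sets and trial counts is not a coincidence of the toy cipher: because FP is a bijection, `wrapped_encrypt(p, k) != c` holds exactly when `toy_encrypt(IP(p), k) != FP^-1(c)`, so every wrong key is rejected at the same step in both searches. Note what the reduction needs: a full plaintext block, so that IP can be applied to it. If only some plaintext bits are known, the attacker has to track where IP scatters them, which is the gap the message points at.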