I meant to bring this up with Charlie Kaufman and Radia Perlman when I
got the book, but never got around to it...
The following line of thinking was inspired by the NSA "patch" to SHA:
the addition of a rotate-left-one-bit operation to each round of SHA,
which yields faster mixing between values in bit positions within the
> The quick proof of why the initial and final permutations add nothing to
> the security of DES is presented in an informal and quite obvious sidebar.
Actually, I found the proof not completely convincing. It's really a
proof that it doesn't strengthen the DES against a *known plaintext*
attack, but there are other weaker attacks it may make marginally more
difficult (or easier...); for instance, partially-known plaintext or
some forms of verifiable plaintext.
The FP/IP don't add *much* security, but I'm not about to say that
they add *no* security.
> The comment is made that by the same argument the permutation of the key
> in the generating of per-round keys also adds nothing to security.
Again, their proof assumed that all the bits of the key are
independent and unbiased -- which they will be if you're careful, but
won't be if you're stupid.
Remember that the NSA designs ciphers for use by people with a high
school diploma or less :-).
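The known-plaintext part of the IP/FP argument, as an added toy example that is not part of this message or of the book under discussion. Everything in it is constructed: a 16-bit, 4-round Feistel "core" with a 12-bit key (so exhaustive search is cheap), a seeded random bit permutation standing in for DES's IP, and FP = IP^-1 as in DES. It shows that an attacker who holds full (plaintext, ciphertext) pairs can undo the outer permutations for free, so the set of keys consistent with the wrapped cipher is exactly the set consistent with the bare core, found with the same number of trial encryptions. It says nothing about the partially-known or verifiable-plaintext cases raised above.

```python
"""Toy demonstration: fixed input/output permutations (IP/FP) around a keyed
block cipher do not change the work of a known-plaintext key search.

All values here are constructed for illustration; this is not DES and not
anyone's real cipher.
"""
import random
from typing import Callable, List, Tuple

BLOCK_BITS = 16
KEY_BITS = 12

# Constructed stand-in for DES's initial permutation: a fixed shuffle of bit indices.
IP: List[int] = list(range(BLOCK_BITS))
random.Random(1).shuffle(IP)


def permute(block: int, perm: List[int]) -> int:
    """Output bit i is taken from input bit perm[i]."""
    out = 0
    for i, src in enumerate(perm):
        if (block >> src) & 1:
            out |= 1 << i
    return out


def inverse_perm(perm: List[int]) -> List[int]:
    inv = [0] * len(perm)
    for i, src in enumerate(perm):
        inv[src] = i
    return inv


FP: List[int] = inverse_perm(IP)  # DES's final permutation is IP^-1

# Row 0 of DES S-box S1, reused as the 4-bit nonlinearity of the toy round function.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def round_function(half: int, subkey: int) -> int:
    x = (half ^ subkey) & 0xFF
    return (SBOX[x >> 4] << 4) | SBOX[x & 0xF]


def core_encrypt(key: int, block: int, rounds: int = 4) -> int:
    """Keyed core: a 4-round Feistel network on 16-bit blocks (constructed toy)."""
    left, right = block >> 8, block & 0xFF
    for r in range(rounds):
        subkey = (key >> (3 * r)) & 0xFF  # toy key schedule: sliding window over the key
        left, right = right, left ^ round_function(right, subkey)
    return (left << 8) | right


def wrapped_encrypt(key: int, block: int) -> int:
    """The same core with a DES-style fixed permutation before and after it."""
    return permute(core_encrypt(key, permute(block, IP)), FP)


Cipher = Callable[[int, int], int]
Pairs = List[Tuple[int, int]]


def key_search(cipher: Cipher, pairs: Pairs) -> List[int]:
    """Exhaustive known-plaintext key search: every key consistent with all pairs."""
    return [k for k in range(1 << KEY_BITS)
            if all(cipher(k, p) == c for p, c in pairs)]


def peel_permutations(pairs: Pairs) -> Pairs:
    """With full known plaintext the attacker undoes IP/FP at no cost: each (p, c)
    for the wrapped cipher becomes (IP(p), FP^-1(c)) for the bare core."""
    fp_inv = inverse_perm(FP)
    return [(permute(p, IP), permute(c, fp_inv)) for p, c in pairs]


def demo(true_key: int = 0xA5C, n_pairs: int = 3) -> Tuple[List[int], List[int]]:
    """Run both searches on constructed pairs; returns (keys found against the
    wrapped cipher, keys found against the bare core with peeled pairs)."""
    rng = random.Random(7)
    plaintexts = [rng.getrandbits(BLOCK_BITS) for _ in range(n_pairs)]
    pairs = [(p, wrapped_encrypt(true_key, p)) for p in plaintexts]
    found_wrapped = key_search(wrapped_encrypt, pairs)
    found_core = key_search(core_encrypt, peel_permutations(pairs))
    return found_wrapped, found_core


if __name__ == "__main__":
    wrapped_keys, core_keys = demo()
    print("keys consistent with wrapped cipher:", [hex(k) for k in wrapped_keys])
    print("keys consistent with bare core     :", [hex(k) for k in core_keys])
```

Both searches walk the same 2^12 key space and return the same candidate list; the only thing IP/FP cost the attacker is one bit permutation per known pair, applied once before the search starts.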