[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Paranoid Musings



-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 08/02/96 12:29 pm ##
  Subject: Paranoid Musings ]

>Date: Tue, 30 Jul 1996 11:13:59 -0700
>From: [email protected] (Bill Frantz)
>Subject: Paranoid Musings

>Sometimes paranoia strikes.  Since these musings are crypto related,
>I thought I would share them.

>Now expensive specialized cracking equipment can certainly speed up
>the process, but there may be a better way.  If cryptanalysis of RC4
>yields techniques which make the process much easier, then it is the
>ideal cypher to certify for export.

Actually, this makes sense for another reason.  Academic
cryptanalysis is often about finding any attack on a cipher that's
easier than keysearch, even if the requirements for that attack are
still completely impractical.  (Differential and linear attacks on
DES are a good example of this.)  However, if you're interested in
actually recovering data in your attacks with high probability and
low cost, then it makes sense to focus on protocol and
implementation weaknesses, and then on attacks like keysearch which
can be done with either ciphertext-only or known-plaintext.

I would guess that some of NSA's best people work on optimizing
keysearches.  This especially makes sense because of the widespread
use, first of DES, and more recently of exportable 40-bit ciphers
like RC2 and RC4.

>The paranoid conclusion is that there is a significant weakness in
>RC4.

The paranoid conclusion is that there is a significant weakness in
any cipher you're counting on.

>Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
>(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
>[email protected] |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA

   --John Kelsey, [email protected] / [email protected]
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgI7X0Hx57Ag8goBAQEsNAQAm6SbOnCkTh2EByH8Oa1GoTItx+JUE2hA
mtEDp//VW1qH5Lzem14ARGbcgIHbPQqVHN355p5pSrH7tI+RnPc45RRjmF6Ot96r
CjnOz3DWPOXx30pm4NGchKs3MmfMyeDKvL3GofMZee8qNm8IZsnMuLMhQABUIdBM
kU/oaYwfZdE=
=C9ip
-----END PGP SIGNATURE-----