Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28
Ben Laurie (ben@algroup.co.uk)
Thu, 18 Feb 1999 17:58:02 +0000
Stuey Monster wrote:
>
> staym@accessdata.com wrote:
> >
> > Given plaintext P and key Kn, calculate Cn=E(Kn,P). Take a subset of
> > the bits of Cn and call them K(n+1). Repeat.
> >
> > If DES is close to a random function, this should have a period of about
> > 2^56. Does it?
> > --
>
> um. maybe. remember there exist weak, semi-weak, possibly weak, and
> complement keys for DES. They're not really an issue, in a general
> sense, but if you're looking to re-key based on previous encryptions,
> they might have an effect on the cycle...
> Page 348 of Schneier: "...DES is very far away from being a group." I
> take that to mean two things. one: double encryption is useful. two:
> mucking with Cn and dumping it back in as a key for a new round just
> might yield a period way higher than 2^56 (then again it might not),
> since a new key has it's own mapping from ciphertext to plaintext, and
> you're forgetting that the 64 bit block for P that you start with
> affects the long term behavior of this cycle as much as the initial
> chioce of Kn.
Err? The formula presented reuses P each time, so although the cycle
depends on P, it _cannot_ be longer than 2^56, since at that point you
must have a Kn that you already used.
Cbeers,
Ben.
-- http://www.apache-ssl.org/ben.html"My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28