Hi there, At 10:19 -0700 4/6/98, Mat Butler wrote: >On Thu, 4 Jun 1998, Damir Rajnovic wrote: > >> Hi there, >> >> At 19:25 -0700 3/6/98, David Wagner wrote: >> >Either the sci.crypt folks were confused, or I am. With only 48 >> >unknown bits in the DES key, you can break the encryption 2^8 = 256 >> >times faster than you can break DES. This is a serious weakness. >> >> Probably I was unclear. What I want to say is that it does not matter >> what bits inside key are known. It is the same if you know that first >> 8 bits are 0 or middle or end bits. In all cases you must put the same >> effort to break encryption. In that sense there is no 'additional gain' >> knowing WHAT bits are fixed it does matter only that some are fixed. > >If you know the bits in the key that are fixed, you create a program to >generate all possible combinations with those bits fixed. (If nothing >else, you create a list of every possible combination of the number of >bits that aren't fixed, then insert the bits that are fixed before using >the strings as keys.) > >It -does- matter if you know what bits are fixed. We're talking the -key- >here. Not the output of the encryption. Yes, but what I was trying to say is that if you know that first 8 bits are fixed you can break encryption in X time units, so it will take again X time units to break it if last 8 bits are fixed or any other 8 bits. It will always take X time units no matter what 8 bits are known. There is no, allegedly, 8 'preferred' bits that will allow you to break it in less than X time units. Cheers, Gaus --------------------------------------------------------------- EuroCERT tel: (+44 1235) 822 382 c/o UKERNA fax: (+44 1235) 822 398 Atlas Centre Chilton, Didcot Oxfordshire OX11 0QS, UK
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:49 PDT