Tobias DiPasquale on 17 Feb 2005 01:21:32 -0000 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Feb 16, 2005, at 7:35 PM, John Fiore wrote: Maybe I'm mistaken. The only DES (single DES, not triple) that I know has 64 bit keys, but every 8th bit is a parity bit, and is ignored. Could you send me pointer to the variant that you've mentioned? I'd like to read up on it. When the US governemnt originally put out the call for a national encryption standard back in the late '70's, they only got one serious response; it was from IBM. In its original form, it used all 64 bits of the key. However, before it became the DES, it was submitted to the NSA for review. They did two things: fiddled with the rounds a bit and shortened the key length to 56 bits. The first turned out to be better (more secure) for the algorithm, but the second was just so they could crack DES-encrypted messages in a reasonable amount of time if need be. I believe that you can find some crypto implementations that used 64-bit DES (I think the early secure telephone implementations used it). I call it 'full DES', referring to the standard as Standard DES. Maybe I should start calling it "Old Original DES" ;-) Yes. I think that we all understand the point of a cryptographic hash. (I think that you might want to choose a different word than "unique" though. They're not unique, which is why we have a problem.) I did qualify my statement with "within the period", the period being the base-2 exponentiation of the hash length. They could never be unique since the period is discrete. Sorry for the confusion. Could you expand on this? There are number factorization techniques that exist that allow for the recovery of the component primes from the public key more quickly than a brute force attack would specify. The two I mentioned by TLA, Quadratic Field Sieve (QFS) and Number Field Sieve (NFS), are factoring algorithms that can factor numbers to find the primes much faster than a brute force attack: http://mathworld.wolfram.com/QuadraticSieve.html http://mathworld.wolfram.com/NumberFieldSieve.html These have been used in past RSA Challenges to break smaller RSA keys: http://mathworld.wolfram.com/RSANumber.html Ironically, even though they are integer factorization techniques, they can be applied to both IFP (RSA) and DLP (El Gamal) PK cryptography algorithms almost equally well (they do a little better on IFP algorithms, I'm told). Are you sure? 2**80 is for a birthday attack. We're not talking about the birthday attack here. The average should be half of 2**160, which is 2**159. Schneier seems to think that its 2**80 (see the original blog post; URL in subject). I'm going with him on this one ;-) I agree. There should be more research into secure hash functions. There aren't enough of them, and the ones that you mention are all similar. (Are you sure that these are considered to be Feistel though?) Technically, they use unbalanced Feistel network structures that operate in non-linear feedback shift register mode. Check out Praveen Gauravarum's paper talking about this (if you can find it). There are some that are not. Whirlpool is a 512 bit message digest function that uses a Rjindael variant as the compressor function (badass). It should be interesting to read the published paper. I'll have a bottle of aspirin handy. I'm sure it won't be easy reading.
- -- Tobias DiPasquale 7A79 308C 0354 EA9C 7807 ED83 03C9 9E01 148E 7D01 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (Darwin) iD8DBQFCE/GTA8meARSOfQERAuq5AKCQ9QeWbVmBKUgkpOoV5IbTp33vKwCdHmgx 3qL/eYx96D84S8PT70G7bvs= =aljW -----END PGP SIGNATURE----- ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|