handling weak keys using random selection and CSPRNGs

Perry E. Metzger perry at piermont.com
Fri Oct 13 09:25:16 EDT 2006


"Travis H." <solinym at gmail.com> writes:
> On 10/12/06, Leichter, Jerry <leichter_jerrold at emc.com> wrote:
>> Beyond that:  Are weak keys even detectable using a ciphertext-only
>> attack (beyond simply trying them - but that can be done with *any* small
>> set of keys)?
>
> Yes, generally, that's the definition of a weak key.

No, that is not the definition of a weak key.

Look at DES weak keys, for example. They are simply keys for which the
encryption and decryption transform are identical -- encrypting twice
with the weak key returns you to the plaintext -- but they are not in
some way obviously detectable without trying them.

Might I suggest reading the literature on this before discussing it
further?

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list