Attacks against GOST? Was: Protocol Construction

Joseph Ashwood ashwood at msn.com
Thu Aug 6 01:51:12 EDT 2009


My apologies for the delay, I had forgotten the draft message.

--------------------------------------------------
From: "Alexander Klimov" <alserkli at inbox.ru>
Subject: Attacks against GOST? Was: Protocol Construction

> On Sun, 2 Aug 2009, Joseph Ashwood wrote:
>> > So far, evidence supports the idea that the stereotypical Soviet
>> > tendency to overdesign might have been a better plan after all,
>> > because the paranoia about future discoveries and breaks that
>> > motivated that overdesign is being regularly proven out.
>>
>> And that is why Kelsey found an attack on GOST
>
> Do you want to say that the GOST (28147-89) block cipher is broken? I
> have never heard of an attack against it that is faster than the
> exhaustive search.

I just said there are attacks; the situation is open for interpretation 
because of the nature of the attacks and the unknown S-box. Kelsey and 
Schneier published the first related-key attack in 1996, and in 1997 Kelsey 
enhanced the attack. My point was that the proposed method of boosting 
security (increased key size and rounds) does not necessarily correlate to 
increased security, and since GOST was given as an example of how to do it 
"right", the attacks by Kelsey et al. mattered.

> By the way, it was not "overdesign" (IMO it is simpler even than DES),
> nor was it an example of "the stereotypical Soviet..." According to an
> informed source [1], it was specifically made to be not like military
> ciphers:  its only purpose was to make something for non-military
> cryptography that would not betray any Soviet cryptographic know-how
> (this is why they chose to do something very similar to DES).

Good to know, I didn't remember that part.
                Joe 
