[Cryptography] check-summed keys in secret ciphers?
Bill Frantz
frantz at pwpconsult.com
Mon Sep 30 20:23:06 EDT 2013
On 9/30/13 at 2:07 PM, leichter at lrw.com (Jerry Leichter) wrote:
>People used to wonder why NSA asked that DES keys be
>checksummed - the original IBM Lucifer algorithm used a full
>64-bit key, while DES required parity bits on each byte. On
>the one hand, this decreased the key size from 64 to 56 bits;
>on the other, it turns out that under differential crypto
>attack, DES only provides about 56 bits of security anyway.
>NSA, based on what we saw in the Clipper chip, seems to like
>running crypto algorithms "tight": Just as much effective
>security as the key size implies, exactly enough rounds to
>attain it, etc. So *maybe* that was why they asked for 56-bit
>keys. Or maybe they wanted to make brute force attacks easier
>for themselves.
The effect of NSA's work with Lucifer to produce DES was:
DES was protected against differential cryptanalysis without
making this attack public.
The key was shortened from 64 bits to 56 bits adding parity bits.
I think the security side of NSA won here. It is relatively easy
to judge how much work a brute force attack will take. It is
harder to analyze the effect of an unknown attack mode. DES
users could make a informed judgment based on $$$, Moore's law,
and the speed of DES.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Privacy is dead, get over | Periwinkle
(408)356-8506 | it. | 16345
Englewood Ave
www.pwpconsult.com | - Scott McNealy | Los Gatos,
CA 95032
More information about the cryptography
mailing list