[Cryptography] Dan Bernstein has a new blog entry on key breaking
Viktor Dukhovni
cryptography at dukhovni.org
Mon Nov 23 13:23:18 EST 2015
On Mon, Nov 23, 2015 at 12:30:08PM -0500, Phillip Hallam-Baker wrote:
> > The DES-X trick always struck me as cheesy -- it should not work,
> > since what it does is incredibly lame. And yet it seemed to be very
> > hard to attack.
>
> Unless someone was to goof and leak the key by screwing up the XOR.
>
> Problem is that you need to know the XOR value or the key for the other
> en-whitener (e.g. RC4). If you don't have a separate key derivation
> mechanism, you aren't actually getting the benefit. You have just invented
> a new cipher with an extra round. Albeit an extra round of a very different
> kind.
The other key can simply be the same for every block, no need for
RC4:
K_1 xor AES(K_2, data) xor K_1
Same K_1 for every block. The DESX trick is not as cheesy as it
might seem. The DJB attack fails provided no single K_1 is shared
by many K_2's. (See the "Even-Mansour" paper).
--
Viktor.
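As an added example (my own, not code from this thread or from the DESX or Even-Mansour papers), here is the DESX layout K_1 xor E(K_2, data xor K_1) with one K_1 reused for every block, over a toy 64-bit Feistel cipher that stands in for AES, alongside the kind of XOR goof the thread mentions, where a misplaced whitening step cancels out. The toy cipher, its key schedule and the sample keys are all constructed here; the toy cipher is not secure and only shows the structure.

```python
# Added example, not code from the thread. A toy 64-bit Feistel cipher
# (constructed here, NOT secure) plays the role of AES/DES; K_1 is the
# whitening key, K_2 the block-cipher key.
MASK32 = (1 << 32) - 1
MASK64 = (1 << 64) - 1
ROUNDS = 16

def _round_keys(k2):
    # Toy key schedule: 32-bit round keys derived from the 64-bit key K_2.
    return [((k2 >> (i % 2 * 32)) + 0x9E3779B9 * (i + 1)) & MASK32
            for i in range(ROUNDS)]

def _f(r, k):
    # Toy round function: add round key, rotate left 5, xor round key.
    x = (r + k) & MASK32
    return (((x << 5) | (x >> 27)) & MASK32) ^ k

def toy_encrypt(k2, block):
    l, r = block >> 32, block & MASK32
    for k in _round_keys(k2):
        l, r = r, l ^ _f(r, k)
    return (r << 32) | l          # final swap makes decryption the same loop

def toy_decrypt(k2, block):
    l, r = block >> 32, block & MASK32
    for k in reversed(_round_keys(k2)):
        l, r = r, l ^ _f(r, k)
    return (r << 32) | l

def desx_encrypt(k1, k2, block):
    """DESX/FX layout: pre-whiten the input, post-whiten the output."""
    return k1 ^ toy_encrypt(k2, block ^ k1)

def desx_decrypt(k1, k2, block):
    return k1 ^ toy_decrypt(k2, block ^ k1)

def encrypt_blocks(k1, k2, blocks):
    """The same K_1 for every block; no separate keystream is needed."""
    return [desx_encrypt(k1, k2, b) for b in blocks]

def goofed_encrypt(k1, k2, block):
    """The XOR goof: both whitening XORs land on the output, so K_1 cancels
    and the result is plain E(K_2, block). K_1 contributes nothing."""
    return k1 ^ toy_encrypt(k2, block) ^ k1

# Constructed sample keys and plaintext blocks (no real-world meaning).
K1 = 0x0123456789ABCDEF
K2 = 0xFEDCBA9876543210
BLOCKS = [0x00000000DEADBEEF, 0x1122334455667788, MASK64]
```

The goofed variant matches what a KAT against the bare block cipher would reveal: if the whitened output equals E(K_2, block) for every test vector, the whitening is not in the data path.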