[2043] in cryptography@c2.net mail archive
Re: Speeding up a DES cracker yet again
daemon@ATHENA.MIT.EDU (Frank (Giff) Gifford)
Wed Jan 14 12:24:35 1998
Date: Wed, 14 Jan 1998 08:04:52 -0500 (EST)
From: "Frank (Giff) Gifford" <giff@va.pubnix.com>
To: Colin Plumb <colin@nyx.net>
cc: cryptography@c2.net
In-Reply-To: <199801140044.RAA22388@nyx10.nyx.net>
On Tue, 13 Jan 1998, Colin Plumb wrote:
> You're quite right. In the standrd DES key layout, with parity in the
> LSBs, this corresponds to XORing the first 4 bytes of the ley with 0xe1
> and the last 4 bytes with 0xf0.
>
> > For the DES encryption (Note! This is the encryption ignoring the IP/IP-1
> > transforms!): C = DES(P, K),
>
> > 1) Invert the top half of P and all Key bits from C0 block, the top half
> > of the output will be complemented, the lower half is unchanged.
>
> You mean the top halves, right? Top half of left and top half of right?
> Which corresponds to XORing the pre-IP plaintext and ciphertext with
> 0xF0.
Yes.
>
> > Comments? Anybody want to try modifying their source a little to test
> > that out?
>
> Yes. The E expansion foils this. The top and bottom halves (quarters?)
> of the left and right halves share some bits through the E expansion,
> which defeats the clean separation.
>
Damnit. I thought I found something good. I had to sit down and work
that out to see that if, say, the upper half of input bits to a round have
been inverted, some bits will 'leak' over to the lower half becuase of the
E-box. *sigh*
> (For what it's worth, you convinced me to actually hack on some source
> code and try this, and get annoyed when it didn't work, until I printed
> out the rounds of cipher operation and saw the problem.)
I should have done this myself. Thanks though!
-Giff