[173] in cryptography@c2.net mail archive
Re: 40-bit rc2/4
daemon@ATHENA.MIT.EDU (Steve Reid)
Wed Feb 5 17:32:47 1997
Date: Wed, 5 Feb 1997 13:32:47 -0800 (PST)
From: Steve Reid <steve@edmweb.com>
To: Michael Paul Johnson <mikej2@Exabyte.COM>
cc: Greg Rose <ggr@qualcomm.com>, cryptography@c2.net
In-Reply-To: <Pine.SUN.3.95.970205130215.1439A-100000@gedora>
> It is not so amazing that the 40 bit size is tied to a specific
> algorithm, however, since the algorithm used strongly affects the
> brute force search work that needs to be done to crack a key. For
> example, Blowfish and Diamond2 are both designed (intentionally) to
> make rekeying the cipher a much slower operation than encryption and
> decryption, thus offering much better performance to the honest user
> than to the spy.
RC4 isn't a speed daemon when it comes to key setup, either.
I would guess that the NSA limits the choice of algorithm so that they
don't have to redesign their brute-force cracker(s) for every new
algorithm that comes along.
I don't know about RC2, but implementing an RC4 cracker in hardware is
said to not work very well (compared to DES, for example) because the
algorithm was designed to be efficient in software. It seems odd that
they would choose this algorithm for export... A hardware-efficient
algorithm would probably be easier for them to crack on specially
designed cracker machines. Maybe this says something about their
cracking methods?
As for intentionally designing algorithms so that rekeying is
especially slow, I don't think that's such a great idea, except for
export-grade algorithms. Slow key setup can limit the usefulness of an
algorithm in some situations. If I'm not mistaken, slow key setup is
usually the result of a PRNG-based key schedual that spreads out key
bits through all of the subkeys, to make related-key cryptanalysis a
lot more difficult. Using a decent keysize is by far the best way to
make performance to the honest user better than to the spy. Of course,
when that option is not available (export restictions), slow key setup
is the next best thing, if you can still export it.
