[2862] in cryptography@c2.net mail archive
Re: Musings on Skipjack
daemon@ATHENA.MIT.EDU (sinster@darkwater.com)
Thu Jun 25 16:15:40 1998
Date: Thu, 25 Jun 1998 12:48:32 -0700 (PDT)
To: cryptography@c2.net
In-reply-to: <199806251929.PAA00272@jekyll.piermont.com> (perry@piermont.com)
From: sinster@darkwater.com

Sprach "Perry E. Metzger" <perry@piermont.com>:
> If people could come up with substantially better F()s from the point
> of view of linear and differential analysis, the result would be
> interesting since it might indicate that there is something we don't
> know.

Of course, it could also just mean that the NSA didn't notice the
better F(). Sometimes it doesn't take a better mind, it just takes
a different one. Many is the time in contracting that I have found
all the client's engineers unable to see a trivial solution to their
problem: not because they're dumb, but because they're mentally
stuck in a rut.

I'm not saying this is likely in the NSA's case, simply that it's
possible.

[ I personally find the notion that the NSA would not have put in the
best possible F() function given attacks they knew about at the time
of the design extraordinarily unlikely. Resistance to differential
and linear attack isn't a "better mind" problem. Finding better designs
is now down to a science. See the design methods used for CAST, for
example. Given that the cipher was attacked by cryptanalysts for years,
I doubt that they wouldn't have used the best they could. --Perry ]

--
Jon Paul Nollmann ne' Darren Senn sinster@balltech.net
Unsolicited commercial email will be archived at $1/byte/day.
The optimist proclaims that we live in the best of all possible worlds; and
the pessimist fears this is true.
James Branch Cabell, The Silver Stallion, 1926