[3328] in cryptography@c2.net mail archive
r.e. quality of IDEA...
daemon@ATHENA.MIT.EDU (Rodney Thayer)
Mon Sep 21 19:54:13 1998
Date: Mon, 21 Sep 1998 09:46:41 -0400
To: cryptography@c2.net
From: Rodney Thayer <rodney@tillerman.nu>
OK, this was a hoax. Fine. So how well examined is IDEA? I realize
this is a subjective question. How well examined is it compared to,
say, Blowfish, CAST-128, or RC-5? I'm asking because I'm wondering
how well suited IDEA would be to use in IPSec.
[No, I'm not interested in the fact it's got Intellectual Property
issues. Unless someone knows of publicly documented cases of
problems getting licenses...]
>Date: Sat, 19 Sep 1998 21:30:31 -0700
>From: Raph Levien <raph@acm.org>
>X-Mailer: Mozilla 4.06 [en] (X11; I; Linux 2.0.35 i686)
>To: cypherpunks@algebra.com
>CC: coderpunks@toad.com
>Subject: Re: Repost in text: IDEA(tm) weakness
>Sender: owner-coderpunks@toad.com
>
>A quick review reveals that this is clearly another "PGP is broken"
>hoax. The author is assuming that IDEA's * operation has a nonuniform
>distribution of outputs given a uniform distribution of inputs. Since it
>is taken mod 65537 (a prime), this is simply not the case - for constant
>x, x * y mod 65537 is a permutation over y. Everything else flows from
>this flawed assumption.
>
>The rest of the post is silly as well. "Not tested on real PGP data
>because I couldn't find where the IDEA data starts." Very funny, this
>info is quite accessible. Also, posting the technique but withholding the
>code is ridiculous. If the technique worked, it would get implemented
>within hours.
>
>Oh well. It was exciting for a minute or two.
>
>Raph
>
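As an added example, not part of the archived thread: a small Python check of Raph Levien's point that for fixed x, x * y mod 65537 is a permutation over y, using IDEA's convention that the all-zero 16-bit word stands for 65536. It goes one step beyond the thread by contrasting this with multiplication mod 2^16, which is not a permutation for even x (that comparison is mine, not the thread's), and by deriving the inverse that makes the operation decryptable.

```python
# Added example, not code from the archived thread. IDEA's "*" operator is
# multiplication modulo 65537 (a prime) on 16-bit words, where the all-zero
# word encodes 65536 (which is -1 mod 65537). Because 65537 is prime, every
# nonzero residue has a multiplicative inverse, so y -> x*y mod 65537 is a
# bijection for every fixed x: uniform input gives uniform output.

MOD = 0x10001  # 65537
WORDS = 0x10000  # number of 16-bit words


def idea_mul(x: int, y: int) -> int:
    """IDEA multiplication of two 16-bit words (0 encodes 65536)."""
    x = x or WORDS
    y = y or WORDS
    r = (x * y) % MOD
    return 0 if r == WORDS else r


def idea_mul_inverse(x: int) -> int:
    """Word z with idea_mul(x, z) == 1, via Fermat: x^(p-2) mod p."""
    x = x or WORDS
    r = pow(x, MOD - 2, MOD)
    return 0 if r == WORDS else r


def _is_permutation(f) -> bool:
    """True if f maps the 16-bit words onto all 16-bit words exactly once."""
    return len({f(y) for y in range(WORDS)}) == WORDS


def idea_mul_is_permutation(x: int) -> bool:
    """The property Raph Levien relies on: fixed x, vary y, hit every word."""
    return _is_permutation(lambda y: idea_mul(x, y))


def mod2_16_mul_is_permutation(x: int) -> bool:
    """Contrast (not from the thread): plain multiply mod 2^16 collapses
    the output space whenever x is even, so outputs are non-uniform."""
    return _is_permutation(lambda y: (x * y) & 0xFFFF)


if __name__ == "__main__":
    for x in (0, 1, 2, 0x1234, 0xFFFF):
        print(f"x={x:#06x}: IDEA mul permutation={idea_mul_is_permutation(x)}, "
              f"mod 2^16 permutation={mod2_16_mul_is_permutation(x)}")
```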