Bill Stewart writes:
> At 02:54 PM 03/01/2000 -0500, Russell Nelson wrote:
> >The essence of the above algorithm (let's call it BP1, for Buried
> >Plaintext 1) is to force the decryption trial to be iterated until the
> >buried plaintext is found. It means that the decryption engine needs
> >to have the full crypttext available to it. If you can decrypt a
> >message in N steps, then using BP1 with half random data forces you to
> >do N*2 steps, where the steps themselves are more complicated. The
> >storage requirements are higher, as are the data transfer pathways.
>
> I'm not convinced that this is a big win compared to CBC with a random IV,
> which also forces the cracker to crank the crypto step an extra time.
> For many popular crypto algorithms, such as N-DES, Blowfish, even RC4,
> the key scheduling takes more time than cranking the algorithm
> (though there are ways to avoid that with 1-DES),
> and you know that once you find a SOT, that's the starting point,
> though if you've got the wrong key, 1/256 bytes will be SOT.
Yes, but you're tying up a decryptor for that much more time.
Cryptography is more about economics than anything else. You want to
do things which cost the cryptanalyst more than they cost you,
preferably as many multiples more as you can manage.
But now I'm agreeing with you that there are probably other algorithms
which are more profitable to you. That is, they have a higher
multiplier -- for a given amount of effort spent, they generate more
work for the cryptanalyst than anything else. And realistically, that
translates into key length more than anything else.
Perhaps HP1 is best used to pad messages while creating the least
possible known plaintext.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
