<http://eprint.iacr.org/2011/312.pdf>:
In this paper we show that GOST is NOT SECURE even against differential cryptanalysis (DC), or rather advanced attacks based on sets of differentials. [...] An Improved Differential Attack on GOST [...] Overall this attack requires 2^64 KP [known pairs, I guess] and allows to break full 32-round GOST in time of about 2^228 GOST encryptions for a success probability of 50 %. Since GOST has a 64-bit block size, it means that the attacker starts with the full map of (plaintext, ciphertext) pairs. In a sane system the key is either random or a result of KDF -- what can be the point of such an attack? -- Regards, ASK _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
