Re: Crypto Mini-FAQ
From: Quintin (qcitxxx_at_btinternet.com)
Date: 08/30/03
- Next message: Bryan Olson: "Re: Interesting Discussion with US Government Computer Expert"
- Previous message: Bryan Olson: "Re: VMPC function. Question on definition of inverting"
- In reply to: Roger Schlafly: "Re: Crypto Mini-FAQ"
- Next in thread: Roger Schlafly: "Re: Crypto Mini-FAQ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 30 Aug 2003 18:19:47 +0000 (UTC)
"Roger Schlafly" <rogersc@mindspring.com> wrote in message
news:mvR3b.8153$xw5.2995672122@twister2.starband.net...
> "Quintin" <qcitxxx@btinternet.com> wrote
> > > Q: Should I test for weak keys?
> > > No. There are no weak keys that need to be avoided in DES, Triple-DES,
> > > or AES.
> > The above statement is false for DES (sorry Roger). There are four weak
> and
> > six pairs of semi-weak keys for DES. See Fact 7.89 in Handbook of
Applied
> > Cryptography Menezes A. et al, pp 258-9.
>
> Yes, the book says that certain keys are "weak keys", but it doesn't say
> that they need to be avoided.
>
> It defines a weak key as one where the encryption function is the same
> as the decryption function. Under that definition, all OTP keys are weak
> keys. It doesn't say anything about whether the encryption is strong or
> weak.
>
> > It is true that most frameworks will auto-test for these keys though,
but
> if
> > you are unsure about this, you should test yourself.
>
> I doubt that they do auto-test for weak keys. And if they do, it is
> probably only for marketing reasons, not security reasons.
>
>
Good enough for me, I outta here
Q
- Next message: Bryan Olson: "Re: Interesting Discussion with US Government Computer Expert"
- Previous message: Bryan Olson: "Re: VMPC function. Question on definition of inverting"
- In reply to: Roger Schlafly: "Re: Crypto Mini-FAQ"
- Next in thread: Roger Schlafly: "Re: Crypto Mini-FAQ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
