Re: TEA analysis
From: cryptokid (sci_crypt_kid_at_yahoo.com)
Date: 03/07/04
- Next message: dsr_at_Florence.edu: "Re: Solving For Lat/Long"
- Previous message: Mike Scott: "Re: An non primitive root works for Diffie -Hellman?"
- In reply to: David Wagner: "Re: TEA analysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 7 Mar 2004 05:07:20 -0800
Yes, i'm sorry. I meant TEA and it's variants.
I've also forgot to mention 2 not published attacks by Markku-J.
Saarinen on Block TEA (differential attack, 2^34 chosen ciphertext
queries) and Block TEA 2 (distinguishing attack, 2^80 chosen
plaintexts).
daw@taverner.cs.berkeley.edu (David Wagner) wrote in message news:<c2dfp1$1n49$1@agate.berkeley.edu>...
> cryptokid wrote:
> >TEA seems quite fine to me. I don't think it's a good idea to use it
> >in a hashing mode(Davies-Meier) though, as it seems to have a
> >tendency to fall under related key attacks. ;)
>
> In fact, TEA-Davies-Meyer has already been broken:
> John Kelsey, Bruce Schneier, and David Wagner.
> Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES.
> CRYPTO '96. http://www.cs.berkeley.edu/~daw/papers/keysched-crypto96.ps
- Next message: dsr_at_Florence.edu: "Re: Solving For Lat/Long"
- Previous message: Mike Scott: "Re: An non primitive root works for Diffie -Hellman?"
- In reply to: David Wagner: "Re: TEA analysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
