Re: Idea for a slow block cipher with adjustable block length
From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 03/31/05
- Next message: Décio Luiz Gazzoni Filho: "Re: SHA-1 collisions"
- Previous message: Paul Rubin: "Re: Disk/Partition level encryption."
- In reply to: Antti Louko: "Idea for a slow block cipher with adjustable block length"
- Next in thread: Antti Louko: "Re: Idea for a slow block cipher with adjustable block length"
- Reply: Antti Louko: "Re: Idea for a slow block cipher with adjustable block length"
Date: 30 Mar 2005 14:49:25 -0800
Antti Louko <alo@iki.fi.invalid> writes:
> Construct a Feistel structure where left and right part are of equal
> length (as normally) and half of the length of the block. Let's have
> about 20 rounds to be safe. The function F might be truncated SHA-1
> of round number, key string and right half. SHA-1 makes the cipher
> quite slow but it doesn't harm in this case.
This is fine and I've done things like it in Python several times.
You only need 4 rounds, not 20, if the F function is pseudorandom like
SHA-1 (approximately) is.
> I think this could be used to implement usable mappings with
> relatively short block lengths (24 bits). After all, this cipher is
> not intended to be used in any other mode than pure ECB.
Such short block lengths are subject to codebook attacks.
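
The construction discussed in this message, as an added example that is not part of the original post or either poster's code: a balanced Feistel network whose round function is SHA-1 of round number, key string and right half, truncated to the half-block width. The function names, the byte encoding of the hash input and the defaults (24-bit block, 4 rounds, both figures taken from the thread) are assumptions of this sketch.

```python
import hashlib

def _f(key: bytes, rnd: int, half: int, half_bits: int) -> int:
    """Round function: SHA-1(round number || key || half), truncated to half_bits."""
    data = bytes([rnd]) + key + half.to_bytes((half_bits + 7) // 8, "big")
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - half_bits)          # keep the top half_bits bits

def _split(block: int, block_bits: int):
    """Validate the block and split it into equal left and right halves."""
    if block_bits % 2 or not 2 <= block_bits <= 320:
        raise ValueError("block_bits must be even and between 2 and 320")
    if not 0 <= block < (1 << block_bits):
        raise ValueError("block does not fit in block_bits")
    h = block_bits // 2
    return block >> h, block & ((1 << h) - 1), h

def encrypt(key: bytes, block: int, block_bits: int = 24, rounds: int = 4) -> int:
    left, right, h = _split(block, block_bits)
    for r in range(rounds):
        # One Feistel round: (L, R) -> (R, L xor F(R))
        left, right = right, left ^ _f(key, r, right, h)
    return (left << h) | right

def decrypt(key: bytes, block: int, block_bits: int = 24, rounds: int = 4) -> int:
    left, right, h = _split(block, block_bits)
    for r in reversed(range(rounds)):
        # Inverse round: (L', R') -> (R' xor F(L'), L')
        left, right = right ^ _f(key, r, left, h), left
    return (left << h) | right

def is_permutation(key: bytes, block_bits: int) -> bool:
    """Enumerate the whole domain and check the mapping is one-to-one.
    Feasible only because the block is short: this table is the full codebook."""
    size = 1 << block_bits
    return len({encrypt(key, x, block_bits) for x in range(size)}) == size

if __name__ == "__main__":
    key = b"constructed demo key"               # constructed sample key
    c = encrypt(key, 0x123456)
    print(hex(c), hex(decrypt(key, c)))
    print("16-bit mapping is a permutation:", is_permutation(key, 16))
```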