Re: Needle in a haystack--or is this just stupid?

Crypto_at_S.M.S
Date: 07/04/05


Date: Mon, 04 Jul 2005 13:08:16 +1000

Joseph Ashwood wrote:
> <Crypto@S.M.S> wrote in message news:11cekj599uem17@news.supernews.com...
>
>
>>CryptoSMS uses Blowfish on top of ARC4 on top of
>>triple IDEA (all with independent keys, IV, nonce).
>>What are the flaws in these ciphers?
>
>
> Blowfish has several partial attacks; the coverage by Bruce Schneier (the
> originator of Blowfish) is fairly up to date and available at
> http://www.schneier.com/blowfish.html; the attacks on it are:
> Weak keys
> Detectable class of keys
> and an attack on 4 rounds that doesn't get anywhere near the whole thing
>

Attacks on simplified Blowfish,
not on a full & proper implementation.

Weak keys are easy to detect and avoid.
CryptoSMS does both, so what you're saying here is
that Blowfish is not truly weak.

> The attacks on RC4/ARC4/Alleged-RC4 are too numerous to be listed concisely,
> but probably the most important for CryptoSMS is the byte-wise bias present.
>

The attacks on RC4/ARC4 are all based on faulty implementations,
*without* proper Nonce and IV. CryptoSMS has both. This is taken
from the Crypto Mini-FAQ posted regularly to this group:

    RC4 (aka ARC4) is a very popular stream cipher for those reasons.
    It is commonly used in SSL for secure web connections, and is
    reasonably secure if used correctly. You need to avoid reusing a
    key, waste the first few output bytes, and realize that there is no
    authentication.

Note well, RC4 is "reasonably secure if used correctly". CryptoSMS
avoids "reusing a key", and it discards the first 4096 bytes of the key
stream (as advised above, and elsewhere).

> IDEA is also subject to weak keys, is broken to most of the rounds, and is
> subject to intellectual property attacks which make for some rather
> interesting problems beyond cryptography. Good information at
> http://www.answers.com/topic/international-data-encryption-algorithm .
>
> Of these IDEA is the only one that hasn't had something badly damaging, and
> for the last decade most cryptanalysts have been saying that RC4 needs to be
> retired because of its flaws. None of the ciphers are considered to be in
> the class of the best available, and generally all work attacking them has
> stopped as the 5 AES finalists are superior in every way.
> Joe
>
>

So the ONLY real attack you can cite is that IDEA is patented?
According to the page at the link you gave, it is patented in
"some countries" (no list provided), and even in those, the
patent runs out in 2010.

Hardly an "attack". Doubtful if the patent holders even care anymore.

So let's recap. Blowfish is secure, RC4 is reasonably secure, and
triple IDEA is also secure.
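
An added illustration of the three cautions in the Mini-FAQ excerpt quoted in the post (discard early output, never reuse a key, no authentication); it is not part of the original post and is not CryptoSMS code. The SHA-256 derivation of a per-message key from a master key and nonce, the function names and the sample messages are assumptions made for this example.

```python
import hashlib

DROP = 4096  # keystream bytes discarded, the figure quoted in the post

def rc4_keystream(key: bytes, n: int, drop: int = DROP) -> bytes:
    """Return n RC4 keystream bytes after discarding the first `drop` bytes."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s, j = list(range(256)), 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for k in range(drop + n):                 # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if k >= drop:                         # early bytes are thrown away
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(master: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Assumption: per-message key = SHA-256(master || nonce), so a fresh
    # nonce yields a fresh RC4 key. Decryption is the same operation.
    key = hashlib.sha256(master + nonce).digest()
    return xor(msg, rc4_keystream(key, len(msg)))

def key_reuse_leak(master: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bytes:
    """Same key and nonce twice: the keystream cancels, leaving m1 XOR m2."""
    return xor(encrypt(master, nonce, m1), encrypt(master, nonce, m2))

def flip_undetected(master: bytes, nonce: bytes, msg: bytes,
                    pos: int, delta: int) -> bytes:
    """No authentication: a changed ciphertext byte decrypts without error."""
    c = bytearray(encrypt(master, nonce, msg))
    c[pos] ^= delta
    return encrypt(master, nonce, bytes(c))

if __name__ == "__main__":
    m, n = b"constructed master key", b"nonce-0001"   # constructed sample values
    print(key_reuse_leak(m, n, b"MEET AT NOON", b"MEET AT FIVE").hex())
    print(flip_undetected(m, n, b"PAY 100", 4, ord("1") ^ ord("9")))
```

Dropping output and using a fresh nonce address the first two cautions; the third needs a separate integrity check such as a MAC over the ciphertext.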


