# Re: Weakness of Feistel ciphers

*From*: Unruh <unruh-spam@xxxxxxxxxxxxxx>*Date*: 19 Apr 2006 21:25:33 GMT

kim@xxxxxxxxxxx (Kim G. S. Øyhus) writes:

In article <7xodyx74on.fsf@xxxxxxxxxxxxxxxxxxx>,

Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx> wrote:

kim@xxxxxxxxxxx (Kim G. S. Øyhus) writes:

It has to work modula a Mersenne prime, product of primes, or similar.

OK. It sounds like you're asking for a bijection from Z//p to Z//p

where you can quickly compute both the encryption and its inverse. Is

that right?

Yes, and perhaps other fields or semigroups as well, as you guessed.

That is straightforward to do using AES or SHA or whatever as a

building block. Schroeppel's paper about the Hasty Pudding Cipher

explains how.

Thank you for your advice. I will examine that.

I am not a rookie. I have worked professionally with crypto for over

4 years now, and have made stuff like the fastest RSA for the ARM

processor, and a system which converts fingerprints to crypto keys.

The kinds of questions you're asking make it sound like you may

understand how to implement math algorithms, but you don't actually

understand crypto. There's nothing wrong with that, but it means

you're not yet in a position to roll your own.

Since I do not need strong crypto, I think it is perfectly all right

to make my own. I just need something that is strong enough, stronger

than ordinary pseudo random generators. My tests say I have achieved

that, but they can be wrong.

Designing good pseudo random number generators is, like crypt, a field

littered with the carcases of ideas of people who thought they had improved

on the field. And "your tests" are almost certainly wrong. There is no way

to test the output to decide if it is cryptographically strong PRG.

(Of course it depends on what you mean by "ordinary". If you mean circa

1940 generators, probably yes. If you mean current state of the art, almost

certainly no.)

Kim0.

**Follow-Ups**:**Re: Weakness of Feistel ciphers***From:*Kim G. S. Øyhus

**References**:**Weakness of Feistel ciphers***From:*Kim G. S. Øyhus

**Re: Weakness of Feistel ciphers***From:*Jean-Luc Cooke

**Re: Weakness of Feistel ciphers***From:*Kim G. S. Øyhus

**Re: Weakness of Feistel ciphers***From:*Paul Rubin

**Re: Weakness of Feistel ciphers***From:*Kim G. S. Øyhus

- Prev by Date:
**Re: Cryptographic strength in Wireless Alarm Systems?** - Next by Date:
**Re: Weakness of Feistel ciphers** - Previous by thread:
**Re: Weakness of Feistel ciphers** - Next by thread:
**Re: Weakness of Feistel ciphers** - Index(es):