From owner-freebsd-security Thu Jun 3 7:14:54 1999
Delivered-To: freebsd-security@freebsd.org
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121]) by hub.freebsd.org (Postfix) with ESMTP id 8FE3415256 for ; Thu, 3 Jun 1999 07:14:51 -0700 (PDT) (envelope-from narvi@haldjas.folklore.ee)
Received: from haldjas.folklore.ee (haldjas.folklore.ee [172.17.2.1] (may be forged)) by haldjas.folklore.ee (8.8.8/8.8.4) with SMTP id RAA20251; Thu, 3 Jun 1999 17:14:36 +0300 (EEST)
Date: Thu, 3 Jun 1999 17:14:35 +0300 (EEST)
From: Narvi
To: Adam Shostack
Cc: Laurence Berland, security@FreeBSD.ORG
Subject: Re: Not freebsd related...yet
In-Reply-To: <19990603085644.A24954@weathership.homeport.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Jun 1999, Adam Shostack wrote:

> Actually, this will be 1. broken, and 2. uninteresting. I'd be happy
> to bet money if it wasn't a sucker bet.
>
> 1. Building a cipher with a large key is hard. See the first Twofish
> paper, where Schneier et al. discuss the difficulty of building a key
> schedule to effectively use long keys. Getting 1024 BYTES of
> randomness is next to impossible, so your implementors will end up
> expanding a smaller pool of randomness into a large key. Given that
> this is unavoidable, you should anticipate it in your design, and have
> a key expansion phase. That you didn't know this is worrisome.
>

Let's leave aside what he knows and what he doesn't. Using 1024 bytes of key is trivially easy if you are doing a (large block) block cipher. Say you have a 1024-byte key and operate on 4096-byte blocks. Subdivide the key into 64 16-byte subkeys and the block into 64-byte subblocks. Now encode subblock n with subkey n using a conventional cipher. The resulting encoding is stronger than the one used on the subblocks. Then again, definitely not enough to pay for the extreme size...

But I think he mixed up bytes and bits, and 1024-bit keys aren't all that bad.

> 2. Building a system to use more resources than current systems, and
> expecting resource consumption to make it interesting is silly.
>

I really don't think that he meant that.

> If you want an interesting project, may I suggest trying to
> cryptanalyze one of the AES candidates? It's more interesting, will
> teach you a bunch, and may produce something useful.
>
> Sorry to flame, but this really isn't a good use of your time.
>

I guess he *HAS* to come up with something himself and then code it for his CS final project. And crypto may very well also be set as the subset from which he has to come up with something.

> Adam
>
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume

Sander

There is no love, no good, no happiness and no future - all these are just illusions.
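The construction Narvi sketches (1024-byte key split into 64 subkeys of 16 bytes, 4096-byte block split into 64 subblocks of 64 bytes, subblock n encrypted under subkey n), as an added worked example that is not code from the thread or from either poster. It assumes AES-128 as the "conventional cipher" (the message names none) and, since nobody has 1024 bytes of entropy to hand, derives the big key from a short seed with SHA-256 in counter mode as a stand-in for the key expansion phase Adam describes; both choices are mine, and the seed and plaintext are constructed test data. ChangedLanes is the check a practitioner would want: flipping a bit in subkey n changes only subblock n of the ciphertext, which shows the 64 lanes are independent AES-128 instances. A known-plaintext attack on any one lane therefore costs 2^128 work regardless of the other 1008 key bytes, so the 8192-bit key buys no more than a 128-bit key against per-lane attack.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const (
	KeyBytes      = 1024             // 1024-byte key, as in the post
	BlockBytes    = 4096             // 4096-byte block, as in the post
	Lanes         = 64               // 64 subkeys / 64 subblocks
	SubkeyBytes   = KeyBytes / Lanes // 16: one AES-128 key per lane (assumption)
	SubblockBytes = BlockBytes / Lanes
)

// ExpandKey derives a 1024-byte key from a short seed with SHA-256 in counter
// mode: key = H(seed||0) || H(seed||1) || ... This stands in for the "key
// expansion phase" discussed in the thread and is illustrative only; a real
// design would use a vetted KDF such as HKDF.
func ExpandKey(seed []byte) []byte {
	key := make([]byte, 0, KeyBytes)
	var ctr [4]byte
	for i := 0; len(key) < KeyBytes; i++ {
		binary.BigEndian.PutUint32(ctr[:], uint32(i))
		h := sha256.Sum256(append(append([]byte{}, seed...), ctr[:]...))
		key = append(key, h[:]...)
	}
	return key[:KeyBytes]
}

// laneCipher applies the scheme: subblock n is encrypted (or decrypted) under
// subkey n with AES-128, one 16-byte AES block at a time within the subblock.
func laneCipher(key, block []byte, decrypt bool) ([]byte, error) {
	if len(key) != KeyBytes {
		return nil, fmt.Errorf("key must be %d bytes, got %d", KeyBytes, len(key))
	}
	if len(block) != BlockBytes {
		return nil, fmt.Errorf("block must be %d bytes, got %d", BlockBytes, len(block))
	}
	out := make([]byte, BlockBytes)
	for n := 0; n < Lanes; n++ {
		c, err := aes.NewCipher(key[n*SubkeyBytes : (n+1)*SubkeyBytes])
		if err != nil {
			return nil, err
		}
		src := block[n*SubblockBytes : (n+1)*SubblockBytes]
		dst := out[n*SubblockBytes : (n+1)*SubblockBytes]
		bs := c.BlockSize()
		for off := 0; off < SubblockBytes; off += bs {
			if decrypt {
				c.Decrypt(dst[off:off+bs], src[off:off+bs])
			} else {
				c.Encrypt(dst[off:off+bs], src[off:off+bs])
			}
		}
	}
	return out, nil
}

func Encrypt(key, block []byte) ([]byte, error) { return laneCipher(key, block, false) }
func Decrypt(key, block []byte) ([]byte, error) { return laneCipher(key, block, true) }

// ChangedLanes flips one bit of subkey `lane`, re-encrypts the same block, and
// returns the indices of the ciphertext subblocks that differ. Because the
// lanes share nothing, the answer is always just {lane}.
func ChangedLanes(key, block []byte, lane int) ([]int, error) {
	if lane < 0 || lane >= Lanes {
		return nil, fmt.Errorf("lane %d out of range", lane)
	}
	base, err := Encrypt(key, block)
	if err != nil {
		return nil, err
	}
	altKey := append([]byte{}, key...)
	altKey[lane*SubkeyBytes] ^= 0x01
	alt, err := Encrypt(altKey, block)
	if err != nil {
		return nil, err
	}
	var changed []int
	for n := 0; n < Lanes; n++ {
		lo, hi := n*SubblockBytes, (n+1)*SubblockBytes
		if !bytes.Equal(base[lo:hi], alt[lo:hi]) {
			changed = append(changed, n)
		}
	}
	return changed, nil
}

func main() {
	key := ExpandKey([]byte("constructed demo seed")) // constructed test input
	block := make([]byte, BlockBytes)
	for i := range block {
		block[i] = byte(i) // constructed plaintext
	}
	ct, _ := Encrypt(key, block)
	pt, _ := Decrypt(key, ct)
	changed, _ := ChangedLanes(key, block, 7)
	fmt.Printf("round trip ok: %v; lanes changed by flipping subkey 7: %v\n",
		bytes.Equal(pt, block), changed)
}
```

The subblocks are run through AES in plain ECB here, which is enough to show the lane structure but, like any ECB use, leaks repeated 16-byte plaintext blocks; a real large-block cipher would need mixing across lanes (and across the four AES blocks within a lane) for the "stronger than the subblock cipher" claim to hold.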