Re: IPv6 Security Last Call Initial Questions

	    From: uri@watson.ibm.com
	    Date: Wed, 29 Mar 1995 14:04:47 -0500 (EST)

	    And then there is CDMF, which is rather similar to DES, and which
	    enjoys similar exportability as RC2/RC4 (except the review time
	    is 15 days instead of 7)... 

	 IP issues aside, what's the strength of CDMF?  My
	 understanding of 40 bit RC4 is that it doesn't give away
	 anything about the NSA's ability to crack cyphers.  40-bit RC4
	 is reportedly quite easy for anyone to cryptanalyze.  If CDMF
	 is similarly weak, what's the point of using it at all?

CDMF is very elegant.  ``Its strength is as the strength of DES, because
its S-boxes are pure''...

More seriously, CDMF is DES-based.  If you can't cryptanalyze DES, you
can't cryptanalyze CDMF.  You can do a brute-force search on the 40-bit
key, of course, but there are barriers to short-cut attacks.  The paper
is well worth reading.