Re: IPv6 Security Last Call Initial Questions

["Ian Farquhar" <ianf@sydney.sgi.com>]

On Mar 29,  3:41pm, Theodore Ts'o wrote:
> IP issues aside, what's the strength of CDMF?

Yes, I must admit that it's not one I have ever seen a description of.
Is anyone in a position to post or direct us to an algorithm description?

> My understanding of 40
> bit RC4 is that it doesn't give away anything about the NSA's ability to
> crack cyphers.  40-bit RC4 is reportedly quiet easy for anyone to
> cryptoanalyze.

Presuming that what was posted to the net recently was actually RC4 (which
on the weight of evidence so far seems likely), I have not seen any reasonable
cryptanalytic attacks on the cipher if it is used properly.  RSA is
supposed to possess a whole bunch of studies of it, but they are not making
them public at this stage, as far as I know.

As for the time required to break a 40 bit key, I'd suggest that someone
actually try it.  The key schedule needs 256 iterations of a data-dependent
loop, and optimizations which would reduce that time are certainly NOT
obvious.  I'd say that RSA's own estimate of 200 MIP/years to crack the
cipher is fairly accurate.  Sure, it's doable.  But it's not a kid-with-a-PC-
in-a-week proposition.  It's barely an engineer-with-a-large-MP-system-in-
a-work proposition, in fact.

						Ian.

---

References:

• Re: IPv6 Security Last Call Initial Questions
• From: Theodore Ts'o <tytso@MIT.EDU>

---

• Prev by Date: Re: MD5 versus SHA
• Next by Date: Re: MD5 versus SHA
• Prev by thread: Re: IPv6 Security Last Call Initial Questions
• Next by thread: Re: IBM's patented algorithm
• Index(es):
  • Main
  • Thread