[1815] in linux-security and linux-alert archive


[linux-security] Re: "Flavors of Security Through Obscurity"

daemon@ATHENA.MIT.EDU (lists@notatla.demon.co.uk)
Thu Jun 4 18:41:52 1998

Date: Thu, 4 Jun 1998 01:22:16 +0100
From: lists@notatla.demon.co.uk
To: ak@muc.de, linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

X-Mailing-List: <linux-security@redhat.com> archive/latest/4
From: Andi Kleen <ak@muc.de>

> There are already lots of these ciphers. Examples are the Russian GOST or 
> Bruce Schneier's Blowfish cipher where the SBOXes can be changed and kept 
> secret. Most publicly available Blowfish and GOST implementations use fixed,
> known sboxes AFAIK (hexadecimal Pi in case of Blowfish, some standard set
> for GOST), but the ciphers were really designed to work with variable SBoxes.
> 
> [mod: As I'm told, not just any S-boxes will do. You get a
> cryptographically weak cypher if you don't choose your S-boxes just
> right. Nobody knows how the DES people got it right, but they DID. 
> Using PI might give you a good source of pseudorandom numbers, but
> it is unlikely to provide good S-Boxes.  -- REW]


Excuse me being a little behind with my mail...

Blowfish relies on S-boxes derived from the key in a complicated
and slow way.  Some of the initial setup uses PI.  What separates
these pseudo-random boxes from the designed ones of DES is that these
are very large (and are used partially in series in each round).  1970's
hardware constrained DES to small S-boxes which would be weak if random.

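Added example, not part of the original message: a check of the remark that DES-sized S-boxes would be weak if chosen at random, comparing the standard DES S1 table with random 6-bit-to-4-bit boxes. It assumes two of the DES S-box design criteria published by Coppersmith in 1994 (inputs differing in one bit give outputs differing in at least two bits; no difference-distribution entry above 16 of 64) as the yardstick. All function names are illustrative.

```python
import random

# DES S-box S1 (published standard table): 4 rows x 16 columns.
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def lookup(box, x):
    """6-bit input -> 4-bit output; outer bits pick the row, middle four the column."""
    row = ((x >> 4) & 2) | (x & 1)
    return box[row][(x >> 1) & 0xF]

def max_differential(box):
    """Largest difference-distribution-table entry over non-zero input XORs."""
    worst = 0
    for dx in range(1, 64):
        counts = [0] * 16
        for x in range(64):
            counts[lookup(box, x) ^ lookup(box, x ^ dx)] += 1
        worst = max(worst, max(counts))
    return worst

def one_bit_violations(box):
    """Count input pairs differing in one bit whose outputs differ in fewer than two bits."""
    bad = 0
    for x in range(64):
        for bit in range(6):
            y = x ^ (1 << bit)
            if x < y and bin(lookup(box, x) ^ lookup(box, y)).count("1") < 2:
                bad += 1
    return bad

def random_box(rng):
    """Random 6x4 box; each row is a random permutation of 0..15, as in DES."""
    return [rng.sample(range(16), 16) for _ in range(4)]

def survey(trials=200, seed=1998):
    """Count random boxes (constructed sample, seeded) that miss each criterion."""
    rng = random.Random(seed)
    boxes = [random_box(rng) for _ in range(trials)]
    return {
        "fail_one_bit": sum(one_bit_violations(b) > 0 for b in boxes),
        "over_16": sum(max_differential(b) > 16 for b in boxes),
    }

if __name__ == "__main__":
    print("DES S1:", max_differential(DES_S1), one_bit_violations(DES_S1))
    print("random:", survey())
```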

