[8369] in cryptography@c2.net mail archive
Re: Cryptographic Algorithm Metrics
daemon@ATHENA.MIT.EDU (dmolnar)
Wed Jan 3 14:18:18 2001
Date: Wed, 3 Jan 2001 14:13:18 -0500 (EST)
From: dmolnar <dmolnar@hcs.harvard.edu>
To: Ben Laurie <ben@algroup.co.uk>
Cc: John Young <jya@pipeline.com>, cryptography@c2.net
In-Reply-To: <3A536AE6.2658DDD8@algroup.co.uk>
Message-ID: <Pine.OSF.4.05.10101031410300.18152-100000@hcs.harvard.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 3 Jan 2001, Ben Laurie wrote:
> > A cipher is Conditionally Computationally Secure
> > (CCS) if the cipher could be implemented with keys
> > that are not quite "long enough" or with not quite
> > "enough" rounds to warrant a CS rating. Examples:
> > SKIPJACK and RSA.
This seems a bit strange to me. I would have expected "conditionally"
computationally secure to mean "secure if some condition holds."
For instance, Rabin is secure if factoring is hard.
> An example of this would be the cipher used on DVDs, or the mobile phone
> one, both of whose names I've forgotten.
The mobile phone one would be A5, with two variants A5/1 and A5/2.
A5/1 likely qualifies as Weak, while A5/2 would now be Very Weak.
-David
