[1111] in Kerberos_V5_Development
Re: OV admin system integration plan
daemon@ATHENA.MIT.EDU (Donald T. Davis)
Sun May 5 22:07:28 1996
To: Marc Horowitz <marc@MIT.EDU>
Cc: don@cam.ov.com, krbdev@MIT.EDU
In-Reply-To: Your message of "Sun, 05 May 1996 16:19:38 EDT." <9605052019.AA04125@bart-savagewood.MIT.EDU>
Date: Sun, 05 May 1996 22:07:15 -0400
From: "Donald T. Davis" <don@cam.ov.com>
marc wrote:
> Someone should pick up a copy of Schneier, read the section on
> PRNG's, and pick a good one for our purposes.
the soundest prng is blum, blum, and shub, but it's also
one of the slowest. afaik, the only prng's that have
been proven to be random and to be unpredictable (modulo
complexity assumptions), are all much slower than des.
i don't see anything wrong with using des as the prng.
if you're worried about des' security, it still isn't
necessary to use 3des for key-generation. probably the
best bet, if you want to be snazzy, would be single-key
cfb mode.
there was a paper by preneel at crypto '93, showing
that des' cfb mode is much more secure than the other
modes, against differential cryptanalysis and against
linear cryptanalysis. btw, preneel also mentioned that
cfb mode causes the initial permutation to contribute
to des' diffusion properties. as i remember, it's best
to feed at least 8 bits in.
-don davis, boston
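An added illustration of the construction don describes above, generating random bytes by running a 64-bit block cipher in s-bit CFB mode with the feedback width as a parameter. This is example code written for this archive page; it is not from the thread, from Kerberos, or from the OV admin system. DES is not in Python's standard library, so a keyed BLAKE2b truncated to 64 bits is a constructed stand-in for E_K (it has DES's block size, not DES's internals); the names `CfbPrng`, `block_encrypt`, and `feedback_bytes` are mine.

```python
import hashlib
import os

BLOCK_BYTES = 8  # 64-bit block, the same block size as DES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a 64-bit block cipher E_K (constructed for this example; NOT DES).

    A keyed BLAKE2b truncated to 8 bytes plays the role of E_K so that the
    example runs with the standard library only.  Swap in a real block cipher
    with the same (key, 8-byte block) -> 8-byte block signature if you have one.
    """
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be %d bytes" % BLOCK_BYTES)
    return hashlib.blake2b(block, key=key, digest_size=BLOCK_BYTES).digest()


class CfbPrng:
    """Keystream generator: block cipher in s-bit CFB mode, s = 8 * feedback_bytes.

    In CFB the cipher encrypts a shift register, the leading s bits of the
    result are XORed with plaintext, and the resulting ciphertext bits are
    shifted back into the register.  With no plaintext (all zero, as for a
    PRNG) the ciphertext bits are just the leading s bits of E_K(register),
    so the same bits serve as output and as feedback.

    feedback_bytes=1 is 8-bit CFB, the smallest width this byte-granular
    implementation supports (one block-cipher call per output byte).
    feedback_bytes=8 is full-width CFB, which with zero plaintext collapses
    into OFB: each register value is simply E_K of the previous one.
    """

    def __init__(self, key: bytes, iv: bytes, feedback_bytes: int = 1):
        if not 1 <= feedback_bytes <= BLOCK_BYTES:
            raise ValueError("feedback_bytes must be in 1..%d" % BLOCK_BYTES)
        if len(iv) != BLOCK_BYTES:
            raise ValueError("iv must be %d bytes" % BLOCK_BYTES)
        self._key = key
        self._s = feedback_bytes
        self._reg = bytearray(iv)  # the CFB shift register, seeded with the IV

    def random_bytes(self, n: int) -> bytes:
        """Return the next n keystream bytes; state carries over between calls."""
        out = bytearray()
        while len(out) < n:
            # Encrypt the register and take the leading s bits as output.
            chunk = block_encrypt(self._key, bytes(self._reg))[: self._s]
            out += chunk
            # Shift the register left by s bits and feed those same s bits back in.
            self._reg = self._reg[self._s :] + bytearray(chunk)
        return bytes(out[:n])


if __name__ == "__main__":
    # Key and IV from the OS entropy source; a real key generator would
    # also rekey periodically rather than run one stream forever.
    key = os.urandom(16)
    iv = os.urandom(BLOCK_BYTES)
    print("8-bit CFB :", CfbPrng(key, iv, feedback_bytes=1).random_bytes(16).hex())
    print("64-bit CFB:", CfbPrng(key, iv, feedback_bytes=8).random_bytes(16).hex())
```

The width parameter is where the trade-off in the message shows up: 8-bit feedback costs one block-cipher call per output byte, while 64-bit feedback yields a whole block per call, and with zero plaintext the full-width variant is exactly OFB (register chained through E_K), so the CFB feedback only differs from OFB when s is smaller than the block.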