Mark Eichin wrote:

>> IBM developed a cypher called "lucifer". The NSA examined it,
>> recommended some changes to the algorithm, and the result was DES.
>
>Changes which, we now know, *strengthened* it against differential
>cryptanalysis (which they knew about in the 70's, and called the
>"sliding attack", if I remember Copperfield's comments correctly...)

This is getting dangerously off-topic, but...

The original IBM Lucifer cypher had 128 bits of key size. The NSA strengthened the S-boxes against differential cryptanalysis (but NOT against linear cryptanalysis; they either didn't know about that or they knew about another attack), and they reduced the key size to 56 bits so they could crack it with brute force in massively parallel hardware. The result - for a time - was that it took a lot of capital investment to crack DES. Check out Schneier for details.

>Also note that although SHA predated the MD5 attack mentioned here,
>didn't SHA-1 (with a change from a shift to a rotate in one place, or
>something subtle like that) come later?

The FIPS standard specifying SHA-1 came from the autumn of 1995, but the algorithm was published in 1994. Dobbertin published his first papers in early 1995. SHA-1 seems to have been introduced because of an attack on SHA. What attack this was has been kept secret :-(

--
Thomas Koenig, [EMAIL PROTECTED], [EMAIL PROTECTED]
The joy of engineering is to find a straight line on a double logarithmic diagram.