Re: CISCO PIX Vulnerability

[Damir.Rajnovic () EUROCERT NET (Damir Rajnovic)]

Hi there,

At 10:19 -0700 4/6/98, Mat Butler wrote:
> On Thu, 4 Jun 1998, Damir Rajnovic wrote:
>
> > Hi there,
> >
> > At 19:25 -0700 3/6/98, David Wagner wrote:
> > > Either the sci.crypt folks were confused, or I am.  With only 48
> > > unknown bits in the DES key, you can break the encryption 2^8 = 256
> > > times faster than you can break DES.  This is a serious weakness.
> >
> > Probably I was unclear. What I want to say is that it does not matter
> > what bits inside key are known. It is the same if you know that first
> > 8 bits are 0 or middle or end bits. In all cases you must put the same
> > effort to break encryption. In that sense there is no 'additional gain'
> > knowing WHAT bits are fixed it does matter only that some are fixed.
>
> If you know the bits in the key that are fixed, you create a program to
> generate all possible combinations with those bits fixed.  (If nothing
> else, you create a list of every possible combination of the number of
> bits that aren't fixed, then insert the bits that are fixed before using
> the strings as keys.)
>
> It -does- matter if you know what bits are fixed.  We're talking the -key-
> here.  Not the output of the encryption.

Yes, but what I was trying to say is that if you know that first 8 bits
are fixed you can break encryption in X time units, so it will take again
X time units to break it if last 8 bits are fixed or any other 8 bits.
It will always take X time units no matter what 8 bits are known. There
is no, allegedly, 8 'preferred' bits that will allow you to break it in
less than X time units.

Cheers,

Gaus

---------------------------------------------------------------
EuroCERT                                tel: (+44 1235) 822 382
c/o UKERNA                              fax: (+44 1235) 822 398
Atlas Centre
Chilton, Didcot
Oxfordshire OX11 0QS, UK