Cryptography Reference
In-Depth Information
We do not want the security to rely on the secrecy of a critical secret key. Thus we
want to make the decryption impossible even with full knowledge. Thus we use
DES in a kind of a one-way mode: instead of computing
C
(
W
) for a password
W
used as a plaintext, we compute
C
W
(0) on the null plaintext with
W
used as
akey.(
W
is truncated onto its first eight characters. It must consist of ASCII
characters, thus 7-bit long, which makes 56 bits.)
In order to make the exhaustive search more lengthy, we use a more complicated
encryption. This can be tolerated for human user authentication as long as it does
not require more than a fraction of a second. Thus we use 25 iterations of DES
with the password used as a secret key.
In order to prevent brute force attacks based on mass manufactured DES chips,
we modify DES in order to make these chips unusable.
In order to thwart attacks based on precomputed tables, the modification of
DES involves a random 12-bit salt which is stored in clear with the encrypted
password. Actually, some of the 48 bits of the expanded block are swapped
depending on the salt. The 12-bit salt is generated from the system clock when
the password is set up.
2.5
Classical Cipher Skeletons
Many block ciphers are described in the literature. We survey classical design skeletons.
2.5.1 Feistel Schemes
The Feistel scheme is the most popular block cipher skeleton. It is fairly easy to use
a random round function in order to construct a permutation. In addition, encryption
and decryption hardly need separate implementations.
An example is DES, described in Section 2.1.
Here are some possible generalizations of the Feistel scheme.
We can add invertible substitution boxes in the two branches of the Feistel scheme
(as done in the BLOWFISH cipher).
We can replace the XOR by any other addition law. We do not necessarily
need commutativity nor associativity: only regularity (like
a
∗
=
∗
x
a
y
implies
=
y
).
We do not need to have balanced branches. We may also have unbalanced ones
(like in the BEAR and LION cipher).
We can generalize the scheme so that it has more than two branches:
(a) round functions with one input and several outputs (like in MARS),
(b) round functions with several inputs and one output (like in MD4),
(c) round functions with several inputs and outputs.
x
The first three variants are illustrated in Fig. 2.13.
Search WWH ::
Custom Search