Cryptography Reference
In-Depth Information
where
crctab[]
denotes an easily computable table,
key
denotes a 32-bit word,
and
c
denotes a byte. The function
crc32()
is reversible, i.e., one can easily
determine
key
for given values of
crc32(key,c)
and
c
. Using
Crc32 = crc32(key,c)
the solution looks like this:
⊕
⊕
key = (Crc32 << 8)
crcinvtab[Crc32 >> 24]
c
(6)
(again,
crcinvtab
is a computable table).
How does a secret key get in there? First of all, the words
key0, key1
, and
key2
are initialized:
key0 = 0x12345678
key1 = 0x23456789
key2 = 0x34567890
Then you run the actualization procedure described above for all key bytes.
This corresponds to a cipher where the ciphertext is discarded. This means that
there is no restriction as to the key length. The internal key consists of the
three
key
variables, thus it is 96 bits long (corresponding to 12 bytes); far too
many for brute force.
About the Security of 'Wild' Algorithms and How to Break the
pkzip
Cipher
This cipher was designed by Roger Schlafly
1
and looks pretty 'wild' at first. I
don't know all the design principles of the algorithm. For example, I have no
idea where factor 134 775 813 in the actualization procedure comes from (it is
not a prime number, but is equal to the product 3*17*131*20 173). Perhaps it
is as arbitrary as the initialization of the three
key
variables.
1
Homepage on the Web:
bbs.cruzio.com/
∼
schlafly/
; see also [GarPGP, end of Chap-
ter 6].