might even help to increase the security by simply decrypting and subsequently
encrypting with the same program.
Padding
RC5a pads the last block, as described in Section 5.1.2, using a simple 'count
byte' at the end. The fact that it might append up to eight bytes doesn't matter
in view of a 48-byte header.
A Treacherous Friend: Variable Number of Rounds
Taking a closer look at the program will reveal that RC5a already comes in
Version 2.0. This is because I discarded Version 1.0 (which implemented 'only'
RC5, by the way) pretty soon. The main reason was a variable number of
rounds, for example, depending on the last ciphertext block. I thought back
then that it would be particularly secure, because cryptanalysts usually focus
on algorithms with constant numbers of rounds. As it happens, variable numbers
of rounds are actually a welcome vulnerability for cryptanalysts.
Suppose we know a few plaintext-ciphertext pairs, and that the ECB mode
is used for encryption, for the sake of simplicity. When encrypting in step
k with r rounds, and then later on the same plaintext in step k with r + 1
rounds (which is known to the cryptanalyst), then he knows the input for the
last round in step k: the ciphertext from step k. We saw in Section 5.4.2 how
the one-round RC5 can be broken.
In CBC mode, though the encryption of identical plaintexts in successive steps
is very improbable, it is better, and we don't have to worry about these types
of attacks. This is why I recommend a constant number of rounds. You can
use RC5a in ECB mode, too (it just takes a simple change to the program).
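The following is an added example, not code from the book or from RC5a, that shows in a toy setting why a data-dependent round count is dangerous. It assumes 32-bit words, a subkey table filled from a seeded PRNG as a stand-in for RC5's key schedule, ECB on a single block, and r = 12 as the shorter round count. Given the same block encrypted once with r and once with r + 1 rounds, the r-round ciphertext is exactly the input to round r + 1, and that single round gives up its two subkeys by plain modular arithmetic, which is the one-round break the text refers to.

```python
# Added example (not from the book or RC5a): how a variable round count
# exposes one RC5 round.  Assumes w = 32-bit words and PRNG-derived subkeys
# standing in for the real key schedule.
import random

W = 32
MASK = (1 << W) - 1


def rotl(x, n):
    """Rotate the w-bit word x left by n (mod w), as RC5 does."""
    n &= W - 1
    return ((x << n) | (x >> (W - n))) & MASK if n else x


def rotr(x, n):
    """Rotate the w-bit word x right by n (mod w)."""
    n &= W - 1
    return ((x >> n) | (x << (W - n))) & MASK if n else x


def make_subkeys(seed, max_rounds):
    """Constructed subkey table S[0 .. 2*max_rounds+1] (stand-in key schedule)."""
    rng = random.Random(seed)
    return [rng.getrandbits(W) for _ in range(2 * max_rounds + 2)]


def rc5_encrypt(A, B, S, r):
    """RC5 block encryption with r rounds (Rivest's round structure)."""
    A = (A + S[0]) & MASK
    B = (B + S[1]) & MASK
    for i in range(1, r + 1):
        A = (rotl(A ^ B, B) + S[2 * i]) & MASK
        B = (rotl(B ^ A, A) + S[2 * i + 1]) & MASK
    return A, B


def recover_last_round_subkeys(c_r, c_r1):
    """c_r: ciphertext of a block after r rounds; c_r1: the same block after
    r+1 rounds.  c_r is then the input of round r+1 and c_r1 its output, so
    both subkeys of that round follow by inverting the round equations."""
    A, B = c_r
    A1, B1 = c_r1
    s_a = (A1 - rotl(A ^ B, B)) & MASK          # S[2(r+1)]
    s_b = (B1 - rotl(B ^ A1, A1)) & MASK        # S[2(r+1)+1]
    return s_a, s_b


def peel_last_round(c_r1, s_a, s_b):
    """Undo round r+1 of any block with the recovered subkeys, turning an
    (r+1)-round ciphertext back into an r-round one."""
    A1, B1 = c_r1
    B = rotr((B1 - s_b) & MASK, A1) ^ A1
    A = rotr((A1 - s_a) & MASK, B) ^ B
    return A, B


def demo(seed=1, r=12):
    """Returns True if the round-(r+1) subkeys are recovered exactly and
    the recovered subkeys strip that round from a different block."""
    S = make_subkeys(seed, r + 1)
    pt = (0x01234567, 0x89ABCDEF)               # constructed plaintext block
    c_r = rc5_encrypt(*pt, S, r)                # step with r rounds
    c_r1 = rc5_encrypt(*pt, S, r + 1)           # later step, r+1 rounds
    s_a, s_b = recover_last_round_subkeys(c_r, c_r1)
    subkeys_ok = (s_a, s_b) == (S[2 * (r + 1)], S[2 * (r + 1) + 1])
    other = (0xDEADBEEF, 0x0BADF00D)            # a second constructed block
    peel_ok = peel_last_round(rc5_encrypt(*other, S, r + 1), s_a, s_b) \
        == rc5_encrypt(*other, S, r)
    return subkeys_ok and peel_ok


if __name__ == "__main__":
    print("last-round subkeys recovered:", demo())
```

With a constant round count no plaintext is ever seen under both r and r + 1 rounds, so the input of a single round is never exposed and the arithmetic above has nothing to work on; that is the whole content of the recommendation in the text.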
7.7 Bottom Line
Hopefully you have realized that you have to look behind the scenes in
cryptographic software (as opposed to other much praised, colorful and easy-to-use
applications). I realize that this is diametrically against the current trend.
However, unless we do a sound evaluation, the probability of getting snake oil is simply
too high: products that make bizarre pseudo-scientific claims of amazing new
breakthroughs in technology are almost certainly snake oil. I haven't found a
doable way out of this situation. Vendors of poor software should be pilloried,