RE: RC5, hiding source code

Michael R. McClelland (
Sun, 11 May 1997 16:06:24 -0500

I look at it as insurance. They'll be less likely to move up to a level
that's already been proven weak. Of course I'm talking about our government
bureaucracy so anything can happen. I'm a little fuzzy on the point of this
also because of the enormous effort it is taking to find one key. If a
cyber-thief wanted to use my credit card number he would have to go to
enormous lengths to get it(I think my card is only good for $10,000). In
order for the person on the receiving end to be able to decipher an
encrypted message he must have the key, so there must be a schedule that
says which key to use and when to switch keys. Now if someone got hold of
the key schedule for a business or a bank and knew in advance which keys
were going to be used... If I'm way off on this I'd appreciate someone more
knowledgeable on this subject taking the time to enlighten me. My only
first hand use of encryption was with the Army for radio messages. At any
rate, brute force cracking would be a cyber-thief's last resort, unless he
could do it a thousand times faster than us.
The Lightning in a BrainStorm is caused by Eclectricity

-----Original Message-----
From: Nelson Minar []
Sent: Sunday, May 11, 1997 2:50 PM
To: Ronald Van Iwaarden
Subject: RC5, hiding source code

I confess, I don't really understand why RC5-56 is such a target.
RC5-40 made sense - it was the only crypto exportable from the US;
demonstrating it was weak was an important political move. A similar
argument goes for breaking DES. But why RC5-56? Is $10,000 that