How secure is 64-bit RC2?

During the encryption process, are two symmetric algorithms considered equal in terms of security if their key sizes are equivalent? (That is, does the 64-bit RC2 algorithm provide exactly the same protection as the 64-bit AES algorithm?)

How safe (or unsafe) would it be to use the 64-bit RC2 algorithm?

How long can I expect it to take to crack such encryption with a brute-force attack?

What data could be protected by this algorithm? (for example, I assume that credit card information will not be well encrypted using this algorithm, since the algorithm is not sufficiently secure).

+6
security encryption rc2-cipher
2 answers

In general, equivalent key sizes do not imply equivalent security for various reasons:

Firstly, this is just the case when some algorithms have known attacks, while others do not. Key size is just the upper limit of the effort that would be required to break the encryption; in the worst case, you can always try all possible keys and succeed (on average) after checking half the key space. This does not mean that this is the best attack. Here is an example: AES with 128-bit keys uses 10 rounds. If you used AES with a 128-bit key, but only in one round, it would be trivially destructible, even if the key is the same size. For many algorithms, there are known attacks that can break up the search algorithm for the entire key space much faster.

In the case of block ciphers, there are other considerations. This is due to the fact that block ciphers process data in pieces of bits. There are various combinatorial properties that come into play after you start encrypting large amounts of data. For example, using CBC general mode, you begin to encounter problems after encrypting about 2^(n/2) blocks (this problem is an integral part of CBC). For a 64-bit cipher, such as RC2, this means 2^32 64-bit blocks or 32 gigabytes, which, while large, is pretty easy to imagine (for example, you encrypt a disk image with it). For a 128-bit cipher, such as AES, the problem only starts to occur after about 2^64 128-bit blocks or about 295 exabytes. In a similar scenario, AES with a 64-bit key will actually be much more secure than RC2 with a 64-bit key.

Here we get to the epistemological part of the answer: even if there are no known attacks, this does not mean that no attacks are possible. RC2 is quite old and rarely used; even when it was a fairly current cipher, the analysis was less than, say, DES. It is very likely that no one over the past 5 years has bothered to come back and see how to break up RC2 using the latest attack methods, simply because there is less benefit to the relatively academic model of publishing or relocation, which uses modern public cryptographic research; it's much better if you are looking for ownership (or want to increase your reputation to get more consulting work) to post even a very slight improvement in an AES attack than would completely destroy RC2 because no one is using it anymore.

And with a 64-bit key, you immediately became attached to this upper limit, and the force of 2^64 is really quite low; perhaps within reach not only for intelligence services, but even for companies with large enough sizes (or shepherd shepherds).

Finally, I will point out that RC2 was designed to be fast on processors with a 286/386 processor. On modern machines, it is significantly (approximately 4-6x) slower than AES or similar ciphers developed over the past 10 years.

I really do not see the possibility of using RC2 for anything, the only thing I can imagine would be reasonable for compatibility with some ancient (in computer time) system. Use AES (or one of 4 other AES finalists, if necessary).

+11
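The 2^(n/2) block limit for CBC described in the answer above can be observed directly when the block is small enough. This is an added example, not part of the original answer: `toy_encrypt` is a constructed 16-bit Feistel cipher (not RC2), and all function names are hypothetical. It uses a 64-bit key to show that the collision depends on block size rather than key size.

```python
import hashlib
import random

def _f(key: bytes, rnd: int, half: int) -> int:
    # Round function: first byte of SHA-256(key || round || half-block).
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]

def toy_encrypt(key: bytes, block: int) -> int:
    """4-round Feistel permutation on 16-bit blocks (constructed toy, not RC2)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 8) | right

def cbc_encrypt(key: bytes, iv: int, plaintext: list) -> list:
    """CBC chaining C_i = E(P_i xor C_{i-1}); returns [IV, C_1, C_2, ...]."""
    chain = [iv]
    for p in plaintext:
        chain.append(toy_encrypt(key, p ^ chain[-1]))
    return chain

def first_collision(chain: list):
    """Indices (a, b), a < b, of the first repeated ciphertext block, or None."""
    seen = {}
    for idx in range(1, len(chain)):  # index 0 is the IV, not a cipher output
        if chain[idx] in seen:
            return seen[chain[idx]], idx
        seen[chain[idx]] = idx
    return None

def birthday_bytes(block_bits: int) -> int:
    """Data volume at the 2^(n/2)-block mark for an n-bit block cipher."""
    return 2 ** (block_bits // 2) * (block_bits // 8)

def demo(seed: int = 1, blocks: int = 4096):
    rng = random.Random(seed)  # fixed seed: constructed, repeatable sample data
    key = bytes(rng.randrange(256) for _ in range(8))  # 64-bit key
    plaintext = [rng.randrange(1 << 16) for _ in range(blocks)]
    chain = cbc_encrypt(key, rng.randrange(1 << 16), plaintext)
    hit = first_collision(chain)
    if hit is None:
        return None
    a, b = hit
    # Equal outputs of a permutation mean equal inputs, so the XOR of two
    # plaintext blocks equals the XOR of two public ciphertext blocks.
    leak = (plaintext[a - 1] ^ plaintext[b - 1]) == (chain[a - 1] ^ chain[b - 1])
    return {"collision_block": b, "xor_leak_holds": leak}

if __name__ == "__main__":
    print(demo(), birthday_bytes(64) // 2**30, "GiB for a 64-bit block")
```

With a 16-bit block the first repeat typically shows up after a few hundred blocks; `birthday_bytes` scales the same mark to the 64-bit and 128-bit block sizes the answer compares.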

Here is my personal explanation for the expression "attack on n of p rounds," which you can find at http://en.wikipedia.org/wiki/Block_cipher_security_summary , but be careful: I actually send this as an answer so people can tell me if I'm wrong. No one explained this to me, and I'm not a specialist, this is the only explanation that makes sense that I could understand.

Cryptographers consider any algorithm that requires a shorter operation than a successful attack. When it is said that a cipher has an attack on "n of p rounds," I assume that this means that if the cipher was defined as n rounds of the base function, it is actually defined as p rounds, there would be an attack for this. Perhaps the algorithm actually works in more than n rounds, but the cut-off point, where it becomes more expensive than brute force, is n. In other words, this is a very subtle difference for the algorithm, and it tells us how close we are to the abstract understanding of the mathematical function that it implements. This explains, apparently, arbitrary numbers that occur as "n" values when this expression is used.

To repeat, a cipher that has an attack on n of p rounds is a cipher that is not broken.

In addition, an algorithm that is "broken" because it has an attack in 2^100 operations for a 128-bit key can be useful. The concern in this case is that further mathematical discoveries may continue to exist in terms of the number of operations needed to break it. But 2^100 is just as impractical as 2^128.

+2
