From 60e610683d41eabf00322525cce59d00ebfc9eba Mon Sep 17 00:00:00 2001 From: mdw Date: Sat, 17 Jun 2000 10:33:26 +0000 Subject: [PATCH] Describe interface changes and new ciphers. --- README.cipher | 85 +++++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 62 insertions(+), 23 deletions(-) diff --git a/README.cipher b/README.cipher index f9d08b9..3c22519 100644 --- a/README.cipher +++ b/README.cipher @@ -28,8 +28,7 @@ Block cipher interface A number of constants are defined to describe further properties of the cipher: - BLOWFISH_KEYSZ Is zero, to indicate that Blowfish doesn't care - much about the size of key you give it. + BLOWFISH_KEYSZ Is 32, to recommend 256-bit keys with Blowfish. BLOWFISH_BLKSZ Is 8, because Blowfish works on 64-bit blocks, which are therefore 8 bytes wide. @@ -37,6 +36,10 @@ Block cipher interface BLOWFISH_CLASS Is the triple (N, B, 64). This is explained below. + The constant byte vector blowfish_keysz (lowercase) contains + more detailed descriptions of the key size limits. See + `keysz.h' for a description of key size tables. + The BLOWFISH_CLASS macro contains information useful to other macros, rather than to direct users of the interface. The three components are: @@ -46,7 +49,7 @@ Block cipher interface if the macros should use a loop instead. The `endianness' - Either `B' for big-endian, or L for little- + Either `B' for big-endian, or `L' for little- endian. The `width' The cipher's block size in bits. 
@@ -58,15 +61,23 @@ Block cipher interface The peculiarities of the various ciphers are described below. Blowfish Fairly standard, really. Accepts arbitrary- - sized keys up to 448 bits. (The original - definition only specified keys with a multiple - of 32 bits -- the extension I use is due, I - think, to Eric Young.) Blowfish is fast and - looks very secure. - - IDEA Requires a 128-bit key. Not very fast. No - known attacks on the full cipher. Used in - PGP2. Patented! + sized keys up to 448 bits. 64-bit blocks. (The + original definition only specified keys with a + multiple of 32 bits -- the extension I use is + due, I think, to Eric Young.) Blowfish is fast + and looks very secure. + + CAST-128 Accepts arbitrary-sized keys up to 128 bits. + 64-bit blocks. Uses three slightly different + types of rounds, based around 8 x 32 S-boxes + constructed from bent functions. Faster than + RC2. Looks very strong. + + CAST-256 Accepts arbitrary-sized keys up to 256 bits. + 128-bit blocks. Submitted to the AES contest, + but didn't make it to the final five. Uses the + S-boxes and round functions from CAST-128. + Looks strong. DES Good old reliable. Been around for donkey's years and still going. Single-DES (implemented 
@@ -84,10 +95,34 @@ Block cipher interface of key sizes in bytes is: 7, 8, 14, 16, 21 or 24. - RC5 Arbitrary-sized key. Designed by Ron Rivest. - Not completely convincing in security. About as - fast as Blowfish, but with a quicker key - schedule. Patented, I think. + IDEA Requires a 128-bit key. About as fast as DES. + No known attacks on the full cipher. Used in + PGP2. Patented! + + RC2 Arbitrary-sized key, up to 128 bytes. Used to + be a trade secret of RSA Data Security Inc., but + leaked. About as fast as DES. Not convincing + in terms of security. Has a bizarre + `brain-damage' feature which limits the + effective key size. + + RC5 Arbitrary-sized key, up to 256 bytes. Designed + by Ron Rivest. Not completely convincing in + security. Almost as fast as Blowfish, but with + a quicker key schedule. Patented! + + Rijndael Accepts keys which are a multiple of 32 bits in + size, up to 256 bits. 128-bit block. AES + finalist. Fast, may not be strong. + + Serpent Arbitrary-sized keys up to 256 bits. 128-bit + block. AES finalist. About the same speed as + DES. Very conservative design. Looks very + strong. + + Twofish Accepts keys which are a multiple of 32 bits in + size, up to 256 bits. 128-bit block. AES + finalist. Fast, looks strong. Block cipher modes 
@@ -219,12 +254,11 @@ Implementing new modes: nasty macros Other ciphers - There's only one stream cipher implemented at the moment, and - that's RC4. It was designed by Ron Rivest. It's the fastest - cipher in Catacomb. It looks fairly strong (although see the - note about churning the context after keying below). And also - note that it works in output feedback -- you just XOR the output - from RC4 with the plaintext. Never reuse an RC4 key! + RC4 was designed by Ron Rivest. It's the second fastest cipher + in Catacomb. It looks fairly strong (although see the note + about churning the context after keying below). And also note + that it works in output feedback -- you just XOR the output from + RC4 with the plaintext. Never reuse an RC4 key! RC4 includes an OFB-like interface which should be familiar. It also includes a pair of strange macros RC4_OPEN and RC4_BYTE. @@ -247,6 +281,11 @@ Other ciphers theirs. It doesn't look very secret to me. + SEAL was designed by Phil Rogaway and Don Coppersmith. It's + ever-so slightly faster than RC4. It's also patented by IBM. + See the header for the interface. + + Generic cipher interfaces It can be convenient to implement routines where the cipher to @@ -277,7 +316,7 @@ Generic cipher interfaces c->ops->decrypt(c, s, t, sz) Like encrypt, only it decrypts. - c->ops->destroy(c) Destroys the cipher object `r'. + c->ops->destroy(c) Destroys the cipher object `c'. c->ops->setiv(c, iv) Sets the IV to be `iv' -- must be blksz bytes long. -- 2.11.0
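Review bot: the new BLOWFISH_KEYSZ line in the @@ -28,8 +28,7 @@ hunk changes what the constant means, from zero as a "doesn't care" marker to 32 as a recommended size, and the text does not say so. Code written against the old wording may test the constant for zero to detect a variable-key cipher. Suggest adding a sentence stating that the KEYSZ constant is now a recommended key size in bytes rather than a limit, and whether zero can still occur for any cipher.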
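Review bot: the added blowfish_keysz paragraph in the @@ -37,6 +36,10 @@ hunk points at `keysz.h' without saying what a caller is expected to do with the table. Since BLOWFISH_KEYSZ is now only a recommendation, this vector is the only place the real limits live. A one-line summary of how to check a proposed key length against it, if that is the intended use, would let the README stand on its own.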
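Review bot: the CAST-128 entry added in the @@ -58,15 +61,23 @@ hunk rates speed as "Faster than RC2", but RC2 is only introduced further down the list, so the comparison has no reference point when read in order. Comparing against DES or Blowfish, as the IDEA, RC2 and RC5 entries do, would be consistent. Minor style point in the same hunk: block size is written "64-bit blocks" here and "128-bit block" in the Rijndael, Serpent and Twofish entries; pick one form.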
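Review bot: key size limits in the @@ -84,10 +95,34 @@ hunk mix units: RC2 and RC5 are given in bytes ("up to 128 bytes", "up to 256 bytes") while Rijndael, Serpent and Twofish are given in bits ("up to 256 bits"). "256 bytes" next to "256 bits" is easy to misread when choosing a key length; suggest one unit throughout, or both, as the Blowfish constants do. The RC2 entry also mentions a `brain-damage' feature that limits the effective key size without saying how the interface sets it or what the default is, which a user needs in order to know the strength they are actually getting.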
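Review bot: the rewritten RC4 paragraph in the @@ -219,12 +254,11 @@ hunk drops the only statement that RC4 is a stream cipher, so the "Other ciphers" section now opens without saying what kind of cipher it covers. The remaining advice ("you just XOR the output from RC4 with the plaintext", "Never reuse an RC4 key!") depends on that context. Suggest keeping an introductory sentence naming the stream ciphers in the section. "Second fastest" also leaves the reader guessing which cipher is fastest until the SEAL paragraph.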
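Review bot: the SEAL paragraph added in the @@ -247,6 +281,11 @@ hunk says "See the header for the interface" without naming the header, unlike the `keysz.h' reference earlier in the patch. It also gives no usage guidance comparable to the RC4 text above it: the paragraph should say whether the key reuse warning applies to SEAL as well, and give at least the header name and the key size it expects.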