symmetric encryption broken

Michael H. Warfield mhw at wittsend.com
Fri Mar 9 22:55:03 CET 2001 

On Fri, Mar 09, 2001 at 02:23:39PM -0700, Nathan Johnson wrote:
> >Some ciphers are symmetric. If you DES-encrypt something, and then "encrypt"
> the ciphertext again, you magically get the plaintext back.

> This is the behavior I expected, and so I used   -c  each time.
> It did not work with 3DES.  Is 3DES not truly symmetric in this sense?

	No, it is not.  And it is NOT the behavior I would expect out
of any decent crypto algorithm.

	Symetrical key cryptography means that the same key is used for
both encryption and decryption.  It does NOT mean the same algorithm is
used.  Sometimes it's the same algorithm on a transformed key as it is
in the case of DES.  But rarely does a double ENcryption with the same
key result in the recovery of the plain text.

	If you go to Applied Cryptography 2nd Edition on page 277 you
will find the description for Decrypting DES:

] 	"With DES it is possible to use the same function to encrypt or
] decrypt a block.  The only difference is that the keys have to be used
] in the reverse order.  That is, if the encryption keys for each round are
] K1, K2, K3, ... K16, then the decryption keys are K16, K15, K14, ... K1."

	Single DES consists of 16 rounds where the keys for each round are
generated from the input key.  The decrption algorithm must reverse the
order of the round keys as generated from the primary key.  Encrypting
twice is NOT the same as encrypting and then decrypting.

	Also, one generally incorporates a variable padding or seed along
with some initialization vector (starting data for the crypto algorithm)
to insure that if you encrypt the same data twice you do NOT get the
same cryptotext as a result.

] [mhw at chaos mhw]$ cp a b
] [mhw at chaos mhw]$ gpg -c a
] [mhw at chaos mhw]$ gpg -c b
] [mhw at chaos mhw]$ ls -l a a.gpg b b.gpg 
] -rw-------   1 mhw      eng          6773 Mar  9 16:50 a
] -rw-r--r--   1 mhw      eng          2718 Mar  9 16:50 a.gpg
] -rw-------   1 mhw      eng          6773 Mar  9 16:50 b
] -rw-r--r--   1 mhw      eng          2718 Mar  9 16:50 b.gpg
] [mhw at chaos mhw]$ md5sum a a.gpg b b.gpg
] 8ab3feb2d9c75b489cbc9240cd102b4b  a
] 405744d154114cd13a612ff156329cd5  a.gpg
] 8ab3feb2d9c75b489cbc9240cd102b4b  b
] 9d5c79536d4dbf003a6f5effab55b739  b.gpg
] [mhw at chaos mhw]$ 

	Same text in.  Same pass phrase.  Different text out.  You would
NOT be able to reencrypt that output data and have the same result as the
input data.  I did this without the ascii armoring just to emphasize the
point that this is IN ADDITION to the fact that the file got ascii armored
on each round of encryption as well.

> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

More information about the Gnupg-devel mailing list