Perry E. Metzger (perry@piermont.com)
Wed, 24 Jun 1998 15:40:24 -0400
Mike Rosing writes:
> The only quick thing I can see is that it looks like it would be very
> easy to use longer key lengths since the key material is used directly
> in the G function.
Certainly, but it isn't clear if this will add to the security. I'll
also point out that if you pick particular lengths you *might* end up
causing parts of the keying material to be applied in non-optimal ways
-- I haven't studied it enough yet.
Certainly you could do something naive like doubling the key length
from ten bytes to twenty bytes, but again, one wonders if, as with
DES, the key length was picked because it was known that security was
no better than that many bits...
Perry
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:59 ADT