Jump to content

Talk:Common Scrambling Algorithm

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Ambix (talk | contribs) at 14:49, 20 May 2010 (Comments on the 32+16 supposed split.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Does anyone actually know how brute-force can be improved on, or if it can be improved on? topynate 23:39, 20 Sep 2004 (UTC)

I haven't heard of anything, but it wouldn't be surprising — it certainly wouldn't be the first time that a reverse-engineered proprietary encryption algorithm had been found to be weak! — Matt 12:02, 21 Sep 2004 (UTC)

Can anybody reference where to find the information about bytes 3 and 7 being checksums or if you could explain how to calculate them. - Aldebarn42

Byte form AA BB CC xx DD EE FF yy -- xx and yy are checksums, xx=AA+BB+CC, yy=DD+EE+FF. I suspect this is in the BISS specification somewhere. So that's bytes 3 and 7 when starting count at 0. —Preceding unsigned comment added by 87.194.114.122 (talk) 00:36, 23 March 2008 (UTC)[reply]


The entry says:

This fact allows practical space-time tradeoff attack where 32 bits are brute-forced, 16 bits are calculated with memory tables built from ciphertext, and 16 bits calculated as checksum with a running time of O(216)+O(232), which can be less than a second if implemented in FPGA hardware or on scalable architecture like cell processor.

Is there any reference to this affirmations? —Preceding unsigned comment added by 85.152.200.43 (talk) 18:36, 9 July 2009 (UTC)[reply]

Check http://www.cdc.informatik.tu-darmstadt.de/~kwirt/csa.pdf Implementation in a fpga would consist of a number of parallel engines that would try to decrypt and check if the content is valid. (looking for known things like mpeg-headers etc). With 42 parallel hw-threads, that each test one key per clock-cycle, for this @ 50Mhz this would allow for a bruteforce attempt in ~1 second since on average we would expect to find the key after 2^31 tries for a 2^32 bit key.—Preceding unsigned comment added by 85.228.203.183 (talk) 09:24, 20 October 2009 (UTC)[reply]

The text says "This fact allows" and that's not true for a start. What would allow this is a major weakness in the alg that allows 16 bits of key to be calculated from ciphertext independently of the other 32 bits. The mere use of the numbers 32 and 16 lead me to think that this choice is arbitrary and the result of unfounded speculation. As an example double DES is susceptable to the Meet-in-the-middle_attack because it consists of two short key ciphers used sequentially. There is the potential to split this into a 2^56 key store leaving a bruteforce space of 57bits. Note though single DES cannot be broken down the same way. The pdf linked does not support the claim either but does say "Cryptanalyzing both stream and block cipher at the same time seems to be a task too daunting to attempt.". A search reveals successful fault analysis attacks against the complete system but these rely on introducing errors into hardware to reveal the key it has been supplied with. Does anyone have a good reason why the bruteforce in 1 second claims should not be removed from the article? Ambix (talk) 14:49, 20 May 2010 (UTC)[reply]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Common_Scrambling_Algorithm&oldid=363206272"