[cryptography] Oddity in common bcrypt implementation

Marsh Ray marsh at extendedsubset.com
Tue Jun 28 14:46:31 EDT 2011

On 06/28/2011 12:48 PM, Steven Bellovin wrote:
>> Wow, this sounds a lot like the way 64-bit DES was weakened to 56 bits.
> It wasn't weakened -- parity bits were rather important circa 1974.
> (One should always think about the technology of the time.

It's a very reasonable-sounding explanation, particularly at the time. 
http://en.wikipedia.org/wiki/Robbed_bit_signaling is even still used for 
things like T-1 lines.

But somehow the system managed to handle 64-bit plaintexts and 64-bit 
ciphertexts. Why would they need to shorten the key? Of the three 
different data types it would be the thing that was LEAST often sent 
across serial communications lines needing parity.

If error correction was needed on the key for some kind of cryptographic 
security reasons, then 8 bits would hardly seem to be enough.

What am I missing here?

> The
> initial and final permutations were rightly denounced as cryptographically
> irrelevant (though it isn't clear that that would be true in a secret
> design; the British had a lot of trouble until they figured out the
> static keyboard map of the Enigma), but they weren't there for
> cryptographic reasons; rather, they were an artifact of a
> serial/parallel conversion.


- Marsh
