[cryptography] Key Checksums (BATON, et al)

Steven Bellovin smb at cs.columbia.edu
Wed Mar 27 13:20:22 EDT 2013

On Mar 27, 2013, at 3:50 AM, Jeffrey Walton <noloader at gmail.com> wrote:

> What is the reason for checksumming symmetric keys in ciphers like BATON?
> Are symmetric keys distributed with the checksum acting as a
> authentication tag? Are symmetric keys pre-tested for resilience
> against, for example, chosen ciphertext and related key attacks?
The parity bits in DES were explicitly intended to guard against
ordinary transmission and memory errors.  Note, though, that this
was in 1976, when such precautions were common.  DES was intended
to be implemented in dedicated hardware, so a communications path
was needed, and hence error-checking was a really good idea.

		--Steve Bellovin, https://www.cs.columbia.edu/~smb

More information about the cryptography mailing list