[cryptography] Key Checksums (BATON, et al)

Ben Laurie ben at links.org
Wed Mar 27 15:13:15 EDT 2013

On 27 March 2013 17:20, Steven Bellovin <smb at cs.columbia.edu> wrote:
> On Mar 27, 2013, at 3:50 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>> What is the reason for checksumming symmetric keys in ciphers like BATON?
>> Are symmetric keys distributed with the checksum acting as an
>> authentication tag? Are symmetric keys pre-tested for resilience
>> against, for example, chosen ciphertext and related key attacks?
> The parity bits in DES were explicitly intended to guard against
> ordinary transmission and memory errors.  Note, though, that this
> was in 1976, when such precautions were common.  DES was intended
> to be implemented in dedicated hardware, so a communications path
> was needed, and hence error-checking was a really good idea.

And in those days they hadn't quite wrapped their heads around the
concept of layering?

That said, I used to work for a guy with a long history in comms. His
take was that the designers of each layer didn't trust the designers
of the layer below, so they added in their own error correction.

Having seen how crypto has failed lately, perhaps we should have more
of the same distrust!
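
Added example, not part of the original message: the DES key parity check described in the quoted reply, sketched in Python. It shows that the check catches a single flipped bit in a key byte, but not a two-bit error in the same byte or a substituted key with valid parity. Assumptions: the standard DES convention (odd parity per key byte, low-order bit is the parity bit); the helper names and sample keys are constructed for illustration.

```python
# DES key parity: 8 key bytes, each carrying 7 key bits plus 1 parity bit
# (the low-order bit), chosen so every byte has an odd number of set bits.
# Helper names and sample keys are constructed for this example.

def set_odd_parity(key: bytes) -> bytes:
    """Return key with the low bit of each byte set to give odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 bits DES actually uses
        ones = bin(high7).count("1")
        # Even number of ones in the key bits -> parity bit must be 1.
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)

def bad_parity_bytes(key: bytes) -> list:
    """Indexes of bytes with an even number of set bits (parity error)."""
    return [i for i, b in enumerate(key) if bin(b).count("1") % 2 == 0]

def flip_bit(key: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a transmission or memory error by flipping one bit."""
    damaged = bytearray(key)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)

# Constructed sample: 56 key bits with the parity bits cleared, then fixed up.
SAMPLE_KEY = set_odd_parity(bytes.fromhex("0022446688aaccee"))

if __name__ == "__main__":
    print("key           ", SAMPLE_KEY.hex(), bad_parity_bytes(SAMPLE_KEY))

    one_error = flip_bit(SAMPLE_KEY, 3, 5)
    print("1-bit error   ", one_error.hex(), bad_parity_bytes(one_error))

    # A second flip in the same byte restores odd parity: undetected.
    two_errors = flip_bit(one_error, 3, 2)
    print("2-bit error   ", two_errors.hex(), bad_parity_bytes(two_errors))

    # Any other key with correct parity passes too: the check detects
    # accidental errors, it does not authenticate the key.
    other = set_odd_parity(bytes(8))
    print("different key ", other.hex(), bad_parity_bytes(other))
```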

