teatotal: curious about the state of the project
Subject: Re: curious about the state of the project
From: Alex Holden ####@####.####
Date: 22 Sep 2002 10:14:29 -0000
Message-Id: <3D8D9798.7070900@linuxhacker.org>
Ivan Popov wrote:
> I have not found any information about weaknesses in the "new-variant"
> TEA, are you aware of any?

TEA-Total uses the block mode version of the new variant. I don't recall
reading of any particular weaknesses in the new variant.

> I see also that at least some software is still using the old form of the
> algorithm, including e.g. rather recent perl Crypt-Tea (ver.1.43) module.
> It is probably not good? Or is TEA considered to be a low-security
> algorithm anyway?

I don't think it's regarded as being low security and I'm not sure how
easy the weaknesses in the old algorithm are to exploit, however IANAC
(I Am Not A Cryptographer).

> And one more, more specific question:
> - what is the reason for always using a key file, isn't it easier
> to use the password hash as the key directly rather than via the key file?

That's because a password has only a relatively small amount of
"randomness". With a fast computer you could easily write a program
which tried hundreds, probably thousands of keys per second in a brute
force attack. Limiting the key to a hash of a short plaintext word or
phrase would make it considerably easier to guess the key than using 128
bits of truly random data. If you mean, why bother adding support for
password protection of key files - the main answer is that I was asked
for the feature several times. It does at least make it quite a bit
harder for someone to utilise the private key file should they manage to
get hold of it somehow, however it's no real substitute for keeping the
private key private.

--
------------ Alex Holden - http://www.linuxhacker.org ------------
If it doesn't work, you're not hitting it with a big enough hammer
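
The key-file design discussed in the message above, as an added example that is not part of the original message and not TEA-Total's code or file format: the cipher key is 128 bits from the OS random source, and the password is used only to wrap that key at rest. The layout (salt, masked key, HMAC tag), the PBKDF2 work factor and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_BYTES = 16          # 128-bit cipher key, as in the message above
SALT_BYTES = 16
TAG_BYTES = 32          # HMAC-SHA256 output
ITERATIONS = 200_000    # assumed work factor; tune to the hardware in use


def new_key():
    """Generate 128 bits from the OS CSPRNG; this is what the key file holds."""
    return os.urandom(KEY_BYTES)


def _derive(password, salt, iterations):
    """Stretch the password into a one-time pad and a separate MAC key."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=KEY_BYTES + TAG_BYTES)
    return out[:KEY_BYTES], out[KEY_BYTES:]


def wrap_key(key, password, iterations=ITERATIONS):
    """Return salt || masked key || HMAC tag, ready to store in a key file."""
    if len(key) != KEY_BYTES:
        raise ValueError("key must be 128 bits")
    salt = os.urandom(SALT_BYTES)   # fresh salt per file, so the pad is never reused
    pad, mac_key = _derive(password, salt, iterations)
    masked = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    return salt + masked + tag


def unwrap_key(blob, password, iterations=ITERATIONS):
    """Recover the key; raise ValueError on a wrong password or altered file."""
    if len(blob) != SALT_BYTES + KEY_BYTES + TAG_BYTES:
        raise ValueError("malformed key file")
    salt = blob[:SALT_BYTES]
    masked = blob[SALT_BYTES:SALT_BYTES + KEY_BYTES]
    tag = blob[SALT_BYTES + KEY_BYTES:]
    pad, mac_key = _derive(password, salt, iterations)
    expected = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("wrong password or corrupted key file")
    return bytes(a ^ b for a, b in zip(masked, pad))
```

Data encrypted under `new_key()` keeps its full 128-bit strength as long as the file stays private; if the wrapped file leaks, its protection is only as strong as the password and the work factor.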