On Tue, 30 Jun 1998, Uri Blumenthal wrote:
OK, being "responsible" for DES/SK, here's what should remove any
ambiguity left:
1. The algorithm allows variable number of rounds. I say - use 32 rounds
(to be strength-equivalent to 3DES).
2. The algorithm allows variable-length key. I say - make it 128 bits
for the sake of simplicity.
I assume this is the key material.
3. Key schedule is described completely and explicitly in the paper
I e-mailed to several list participants a while ago.
Is there a URL? You may want to upload it
(to ftp://www.cryptography.org/pub/incoming if it is nonexportable).
4. Parts of the source code are available (alas, very incomplete).
This creates a problem. If I can't do something like encrypt
"abcdefghijklmnopqrstuvwxyz" and verify that it encrypts to 0x365ef2a or
whatever.
5. The main "crypto" engine uses straight DES rounds, so everything
applicable to DES (source code, docs etc) applies here.
What it does is: takes the user key, does some funny things with
it that are described on the algorithmic level in the paper, use
the result as a longer key schedule for DES but iterate not 16
but 32 rounds.
I would have to see the details.
6. The mode can be PGP-CFB. Text prefixed with <BLKSIZE>+2 random bytes,
zero IV.
and BLKSIZE is?