Jump to content

Talk:Common Scrambling Algorithm

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Untitled

[edit]

Does anyone actually know how brute-force can be improved on, or if it can be improved on? topynate 23:39, 20 Sep 2004 (UTC)

I haven't heard of anything, but it wouldn't be surprising — it certainly wouldn't be the first time that a reverse-engineered proprietary encryption algorithm had been found to be weak! — Matt 12:02, 21 Sep 2004 (UTC)

Can anybody reference where to find the information about bytes 3 and 7 being checksums or if you could explain how to calculate them. - Aldebarn42

Byte form AA BB CC xx DD EE FF yy -- xx and yy are checksums, xx=AA+BB+CC, yy=DD+EE+FF. I suspect this is in the BISS specification somewhere. So that's bytes 3 and 7 when starting count at 0. —Preceding unsigned comment added by 87.194.114.122 (talk) 00:36, 23 March 2008 (UTC)[reply]


The entry says:

This fact allows practical space-time tradeoff attack where 32 bits are brute-forced, 16 bits are calculated with memory tables built from ciphertext, and 16 bits calculated as checksum with a running time of O(216)+O(232), which can be less than a second if implemented in FPGA hardware or on scalable architecture like cell processor.

Is there any reference to this affirmations? —Preceding unsigned comment added by 85.152.200.43 (talk) 18:36, 9 July 2009 (UTC)[reply]

Check http://www.cdc.informatik.tu-darmstadt.de/~kwirt/csa.pdf Implementation in a fpga would consist of a number of parallel engines that would try to decrypt and check if the content is valid. (looking for known things like mpeg-headers etc). With 42 parallel hw-threads, that each test one key per clock-cycle, for this @ 50Mhz this would allow for a bruteforce attempt in ~1 second since on average we would expect to find the key after 2^31 tries for a 2^32 bit key.—Preceding unsigned comment added by 85.228.203.183 (talk) 09:24, 20 October 2009 (UTC)[reply]

The text says "This fact allows" and that's not true for a start. What would allow this is a major weakness in the alg that allows 16 bits of key to be calculated from ciphertext independently of the other 32 bits. The mere use of the numbers 32 and 16 lead me to think that this choice is arbitrary and the result of unfounded speculation. As an example double DES is susceptable to the Meet-in-the-middle_attack because it consists of two short key ciphers used sequentially. There is the potential to split this into a 2^56 key store leaving a bruteforce space of 57bits. Note though single DES cannot be broken down the same way. The pdf linked does not support the claim either but does say "Cryptanalyzing both stream and block cipher at the same time seems to be a task too daunting to attempt.". A search reveals successful fault analysis attacks against the complete system but these rely on introducing errors into hardware to reveal the key it has been supplied with. Does anyone have a good reason why the bruteforce in 1 second claims should not be removed from the article? Ambix (talk) 14:49, 20 May 2010 (UTC)[reply]
I've removed the 1 sec claim, changing as little else as possible. Please remember also that this cipher is a combination of a block and stream cipher and as such well known block cipher/hash breaking methods like rainbow tables do not help. I'd be happy to be corrected on that with explanation, but the lack of any such method in nearly 10 years of published research leads me to think that it cannot be that trivial. Ambix (talk) 13:29, 2 December 2010 (UTC)[reply]

Error in "external links" pdf

[edit]

Hello,

there seems to be an error in the external link pdf named "Analysis of the DVB Common Scrambling Algorithm". At page 6 (200) in "Table 1" S5 is marked as a4,2;a3,2;... instead it should be a4,2;a3,3;... in my opinion. Can anyone confirm this or am I wrong? Here some references that also show this as being wrong:

1. In the libdvbcsa in file "dvbcsa_stream.c" at line 124

2. http://www.emsec.rub.de/media/crypto/attachments/files/2010/04/da_diett.pdf (page 28)

Fabermundi (talk) 08:51, 9 November 2012 (UTC)[reply]

[edit]

Hello fellow Wikipedians,

I have just modified one external link on Common Scrambling Algorithm. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 10:33, 11 August 2017 (UTC)[reply]