Xref: utzoo comp.compression:231 sci.crypt:4425
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!jarthur!nntp-server.caltech.edu!madler
From: madler@nntp-server.caltech.edu (Mark Adler)
Newsgroups: comp.compression,sci.crypt
Subject: Re: Security of PKZIP's encryption
Message-ID: <1991Apr3.223622.27846@nntp-server.caltech.edu>
Date: 3 Apr 91 22:36:22 GMT
References: <1991Apr3.041950.20991@bellcore.bellcore.com> <1991Apr3.070045.22296@nntp-server.caltech.edu> <1991Apr3.212713.18209@bellcore.bellcore.com>
Organization: California Institute of Technology, Pasadena
Lines: 17

In article <1991Apr3.212713.18209@bellcore.bellcore.com> karn@thumper.bellcore.com writes:
>In article <1991Apr3.070045.22296@nntp-server.caltech.edu>, madler@nntp-server.caltech.edu (Mark Adler) writes:
>|> Linear?  In what field?
>Well, most of the operations seem to be additions and CRC calculations.
>CRCs are certainly linear, as are additions. I don't see any nonlinear
>substitutions and permutations going on.

Ah, so you think it's linear on GF(2) polynomials.  It's not.  There is
an "or" operation snuck in there for precisely the reason you mention--
to foil an algebraic approach to inverting the pseudo-random sequence.

This is not to say the scheme is secure, of course.  But I do think that
there was some thought put into it by someone familiar with the field.

Mark Adler
madler@pooh.caltech.edu
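
An added example, not part of the original post or of PKZIP's own code: a C check of the linearity question discussed in the message above. It assumes the CRC key-update step and the keystream-byte function as published in PKWARE's APPNOTE.TXT; the function names and test values are constructed for illustration. It counts XOR-linearity violations for the CRC step and for the output step that contains the "or".

```c
#include <stdint.h>
#include <stdio.h>

/* One byte of reflected CRC-32 (polynomial 0xEDB88320), table-free:
   the crc32(old_crc, char) step used in the key update. */
static uint32_t crc32_step(uint32_t crc, uint8_t c) {
    crc ^= c;
    for (int i = 0; i < 8; i++)
        crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    return crc;
}

/* Keystream byte derived from key2 (assumed from APPNOTE.TXT):
   temp = key2 | 2 as a 16-bit value, output = (temp * (temp ^ 1)) >> 8. */
static uint8_t stream_byte(uint32_t key2) {
    uint32_t temp = (key2 | 2u) & 0xFFFFu;
    return (uint8_t)((temp * (temp ^ 1u)) >> 8);
}

/* Count constructed pairs where crc(x^y, a^b) != crc(x, a) ^ crc(y, b). */
static unsigned crc_violations(void) {
    unsigned bad = 0;
    for (uint32_t a = 0; a < 512; a++)
        for (uint32_t b = 0; b < 512; b++) {
            uint32_t x = a * 0x01000193u, y = b * 0x9E3779B1u; /* spread bits */
            if (crc32_step(x ^ y, (uint8_t)(a ^ b)) !=
                (crc32_step(x, (uint8_t)a) ^ crc32_step(y, (uint8_t)b)))
                bad++;
        }
    return bad;
}

/* Count pairs where out(a^b) != out(a) ^ out(b) ^ out(0) (affine test). */
static unsigned stream_violations(void) {
    unsigned bad = 0;
    for (uint32_t a = 0; a < 0x10000u; a += 0x100u)
        for (uint32_t b = 0; b < 0x10000u; b += 0x100u)
            if (stream_byte(a ^ b) !=
                (stream_byte(a) ^ stream_byte(b) ^ stream_byte(0)))
                bad++;
    return bad;
}

int main(void) {
    printf("CRC step violations:    %u\n", crc_violations());
    printf("output step violations: %u\n", stream_violations());
    return 0;
}
```
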