undefined | Better HN

0 pointscperciva11y ago0 comments

Dead simple. 2nd year undergraduate programming assignment.

0 comments

Is it perhaps so simple that... Colin Percival could effectively describe how to do it in an HN comment, perhaps even challenging someone like Thomas Ptacek to code it up and publish it instead of just yakking on HN like he always does I hate him so much?

cpercivaOP11y ago

Each word in the 4-word AES round keys is computed as w[i] = Mangle(w[i - 1]) xor w[i - 4], where Mangle(x) = Subword(Rotword(x)) xor Rcon for i%4=0 and Mangle(x) = x otherwise.

Just turn that around and you get w[i - 4] = w[i] xor Mangle(w[i - 1]). Now start with i = 43 (i.e., w[i] is the last word of the last round key) and count backwards, filling in words of the round keys until you get to w[0]. Then w[0..3] is the AES key.

j / k navigate · click thread line to collapse

0 comments

tptacek11y ago

cpercivaOP11y ago

Each word in the 4-word AES round keys is computed as w[i] = Mangle(w[i - 1]) xor w[i - 4], where Mangle(x) = Subword(Rotword(x)) xor Rcon for i%4=0 and Mangle(x) = x otherwise.

j / k navigate · click thread line to collapse