There are better attacks on 28147-89

[gost-www.git] / en / 28147-89.texi

diff --git a/en/28147-89.texi b/en/28147-89.texi
index c198715377005b992249c532d3047f0cc5353537..48718f1999afd711fefb946310c352a47566e601 100644 (file)
--- a/en/28147-89.texi
+++ b/en/28147-89.texi
@@ -1,5 +1,5 @@
 @node en2814789
-@section Magma (GOST 28147-89)
+@section GOST 28147-89 (Magma)
 
 @table @asis
 @item Algorithm type
@@ -15,7 +15,7 @@
 @item RFC
     @url{https://tools.ietf.org/html/rfc5830.html, 5830}
 @item Best attack
-    2@sup{248} with 2@sup{64} open-enciphered text pairs.
+    2@sup{224} with 2@sup{32} open-enciphered text pairs.
     Highly depends on used S-boxes
 @item Wikipedia
     @url{https://en.wikipedia.org/wiki/GOST_(block_cipher), article}
@@ -35,10 +35,11 @@
     strength.
     @item Implementations using different S-boxes are not interoperable.
     @end itemize
-@item "Magma" name was issued in @ref{en34122015, Kuznechik} standard,
-that also defines this algorithm.
 @item You have to be very cautious using that cipher with that small
 blocksize and often do rekeying.
+@item "Magma" name was issued in @ref{en34122015, Kuznechik} standard.
+It is identical to GOST 28147-89, except for fixed S-boxes and slightly
+different key and block conversion.
 @end itemize
 
 @strong{Implementations}: @ref{2814789Impl, here}.