The IDEA cipher was subject to an attack more efficient than brute force, in 2012.
Despite this, competent researchers still agree that the attack is not yet computationally feasible. If you’re a little nervous, here’s a way to harden your IDEA implementation.
Block ciphers are hard to parallelize in, for example, CBC mode, because the input for the n’th block is dependent on the n-1’th block. A quick solution to this, is to divide the plaintext into four interleaved groups, such that the first, fifth and every fourth block thereafter, is in one stream, the second, sixth and every fourth block thereafter is in the second stream, the third, seventh and every fourth block thereafter in the third stream, and the fourth, eighth and every fourth block thereafter is in the fourth and final stream [Applied Cryptography, Chapter 10.] In this way, an attacker must compromise enough streams to interpolate any data he does not have.
The crucial factor is that the initialization vectors of each stream MUST be INDEPENDENT of each other. Here is a way to obtain four such independent initialization vectors.
- md5sum the password (if the password itself is too small, the issue is moot)
- Take the right-most 8 bits as an integer (0 to 255) “n.”
- add 1
- sha512sum the (unmodified) password n times (hashing the result successively)
- take the first 128 bits as vector 1, the second 128 bits as vector 2, etc.
- This result is deterministic, and can be completed identically by both sender and receiver.
IDEA has a 128 bit keyspace. Apply such procedures as are necessary to exclude weak keys, and then encrypt each stream with the relevant initialization vector, interleaving them again, as you go.