I am not convinced that we need intuitive cryptography. Many things in life are not understood by the general public. How does a car really work: most people don't know but they still drive one. How does a microwave oven work?
People don't need to understand the details, but the high-level concept should be simple: if that is what you are trying to convey, I agree with you. I guess we could very well do with some cryptographic simplifications.

Hash functions are one example. We have security against arbitrary collisions, 2nd-preimage resistance, preimage resistance. Most of our hash functions today don't satisfy all of these properties: "Oh, SHA-1 is vulnerable to arbitrary collision attacks, but it is still safe against 2nd-preimage attacks, so don't worry!" Why do we need all of these properties? In most cases, we don't. Mathematical masturbation might be to blame?

Block cipher encryption. How many modes of operation exist? Some use a counter, others need a random, non-predictable IV, others just need a non-repeatable IV? Do we need all of this? I often find myself explaining these concepts to non-cryptographers. I'm often taken for a crazy mathematician.

What is the length of a private key? In 1024-bit RSA, your d is about 1024 bits. But is d your private key, or is it (d, N), in which case there are more than 1024 bits! No, N is public, the known modulus, but you need it to decrypt; you can't just use d by itself. Oh, in DSA the private key is much shorter. You actually also need a random k, which you can think of as part of your key, but it's just a one-time value. Are we talking about key lengths, or modulus lengths really?

When you encrypt with RSA, you need padding. With ElGamal, you don't need any; complicated story. And don't use just any padding. You would be foolish to use PKCS#1 v1.5 padding, everybody knows that, right? Use OAEP. It is provably broken, but works like a charm when you encrypt with RSA!

Going back to the million dollar paranormal challenges: something like a Windows SAM file containing the NTLM v2 hash of the passphrase consisting of the answer might be something to consider? Not perfect, but...
--Anton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Blaze
Sent: January 26, 2007 5:58 PM
To: Cryptography
Subject: Intuitive cryptography that's also practical and secure.

I was surprised to discover that one of James Randi's "million dollar paranormal challenges" is protected by a surprisingly weak (dictionary-based) commitment scheme that is easily reversed and that suffers from collisions. For details, see my blog entry about it: http://www.crypto.com/blog/psychic_cryptanalysis/

I had hoped to be able to suggest a better scheme to Randi (e.g., one based on a published, scrutinized bit commitment protocol). Unfortunately I don't know of any that meets all his requirements, the most important (aside from security) being that his audience (non-cryptographers who believe in magic) be able to understand and have confidence in it.

It occurs to me that the lack of secure, practical crypto primitives and protocols that are intuitively clear to ordinary people may be why cryptography has had so little impact on an even more important problem than psychic debunking, namely electronic voting.

I think "intuitive cryptography" is a very important open problem for our field.

-matt

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
---------------------------------------------------------------------
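The two failure modes Matt describes (a commitment that is "easily reversed" and that "suffers from collisions") are easy to see concretely. The following is an added example, not code from either poster or from the Randi challenge, and it assumes nothing about how Randi's actual scheme works. It contrasts a bare hash of a short answer, which anyone with a word list reverses by trial (the same reason an unsalted password hash of a dictionary word is weak), with the textbook hash commitment H(nonce || answer) using a fresh 256-bit nonce: the nonce makes the commitment hiding (the word list attack no longer works) and the fixed nonce length keeps it binding (the committer cannot later shift the nonce/answer boundary to "open" to a different answer). The word list and function names are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple

# Constructed word list of plausible short answers (example data, not from the thread).
GUESS_LIST = ["apple", "banana", "cherry", "elephant", "red", "blue", "seven", "piano"]

NONCE_LEN = 32  # 256-bit nonce: not enumerable, so the commitment hides the answer


def weak_commit(answer: str) -> str:
    """Bare hash of the answer. No randomness, so a short or guessable answer
    is recovered by hashing candidates until one matches."""
    return hashlib.sha256(answer.encode("utf-8")).hexdigest()


def dictionary_reverse(commitment: str, candidates: Iterable[str]) -> Optional[str]:
    """Reverse a bare-hash commitment by trying each candidate answer."""
    for cand in candidates:
        if hmac.compare_digest(weak_commit(cand), commitment):
            return cand
    return None


def commit(answer: str, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Hash commitment H(nonce || answer) with a fresh random nonce.
    Returns (commitment, nonce); publish the commitment, keep the nonce
    secret until opening time, then reveal (answer, nonce)."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly NONCE_LEN bytes")
    digest = hashlib.sha256(nonce + answer.encode("utf-8")).hexdigest()
    return digest, nonce


def verify(commitment: str, answer: str, nonce: bytes) -> bool:
    """Check an opening. The nonce length is enforced so a committer cannot
    move bytes between nonce and answer to open the same commitment to a
    different answer (binding)."""
    if len(nonce) != NONCE_LEN:
        return False
    expected, _ = commit(answer, nonce)
    return hmac.compare_digest(expected, commitment)


if __name__ == "__main__":
    # The bare hash of a guessable answer is reversed immediately.
    weak = weak_commit("seven")
    print("bare hash reversed to:", dictionary_reverse(weak, GUESS_LIST))

    # The nonce commitment is not reversible by the same word list,
    # yet opens correctly with the real (answer, nonce) pair.
    c, n = commit("seven")
    print("nonce commitment reversed to:", dictionary_reverse(c, GUESS_LIST))
    print("opens with correct answer:", verify(c, "seven", n))
    print("opens with wrong answer:", verify(c, "eight", n))
```

Whoever runs the challenge would publish only the hex commitment before the test and reveal the answer plus nonce afterwards; anyone can recompute the hash with a standard tool to check the opening, which is about as intuitive as a hash-based scheme gets. The example does not resolve Matt's actual concern, namely that the audience must understand and trust the construction, but it does show that the weaknesses he names are properties of the scheme rather than of hashing as such.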