Cryptography-Digest Digest #88, Volume #11 Thu, 10 Feb 00 11:13:01 EST
Contents:
Re: Voynich manuscript ([EMAIL PROTECTED])
Weak Blowfish implementations? ([EMAIL PROTECTED])
Re: New standart for encryption software ("Lassi Hippeläinen")
Re: Weak Blowfish implementations? (Bruno Rohee)
Re: Compression cannot prevent plaintext recognition (was Re: is signing a
signature with RSA risky?) (Tim Tyler)
Re: New standart for encryption software. (Mok-Kong Shen)
Re: A query method for communications ... (Mok-Kong Shen)
Re: question about PKI... (Timothy M. Metzinger)
Re: A query method for communications ... the method FOX -- actually a ("Markku J.
Saarelainen")
Re: A query method for communications ... ("Markku J. Saarelainen")
Re: Message to SCOTT19U.ZIP_GUY (Tim Tyler)
Re: Latin Squares (was Re: Reversibly combining two bytes?) (Tim Tyler)
Re: Court cases on DVD hacking is a problem for all of us ("Dr.Gunter Abend")
Re: Latin Squares (was Re: Reversibly combining two bytes?) ("Tony T. Warnock")
A simple crypto system and method - "FOX" - ("Markku J. Saarelainen")
Re: New standart for encryption software. (Albert P. Belle Isle)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Voynich manuscript
Date: Thu, 10 Feb 2000 13:12:01 GMT
> or has it been brushed aside as a medieval practical joke?
My column for this week is "Strange Waters" and concerns the Voynich
manuscript. Read at:
http://www.stormloader.com/flavin
My take? No joke, but rather a con. The onus of proof is always on
those who make claims and I've had it with the assertion VMS is a doc in
a cipher alphabet; what if it's a con to LOOK like a cipher alphabet?
Regards,
Rick
--
Flavin's Corner:
http://www.stormloader.com/flavin
Twisted History:
http://flavin.webjump.com/twist.htm
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Weak Blowfish implementations?
Date: Thu, 10 Feb 2000 13:18:31 GMT
I have tried out some Blowfish implementations and found that regular
plaintext patterns, like entries with line delimiters pasted repeatedly,
show up as regular patterns in the cyphertext. The regularities are
visible by plain eye. As they do not appear when there are no obvious
regularities in the plaintext, I assume that they cannot be product of
any formatting or block encoding after encryption.
1) I've always thought that a good cryptographic algorithm must produce
output that at least *looks* random. Is this correct?
2) Can regular patterns occur in correctly Blowfish encrypted cyphertext?
Or is it reasonable to assume that the implementations I've tried are
buggy?
3) Is there anybody who is willing to take a look at these
implementations?
Best regards,
John Stone
--
This message is posted under wrong name via Deja.com because the author
does not want anyone in 10 years to be able to track down and make a
detailed profile of what the author has thought and written.
------------------------------
From: "Lassi Hippeläinen" <"lahippel$does-not-eat-canned-food"@ieee.org>
Subject: Re: New standart for encryption software
Date: Thu, 10 Feb 2000 13:43:07 GMT
[EMAIL PROTECTED] wrote:
>
> In article
> <[EMAIL PROTECTED]>,
> Eric Lee Green <[EMAIL PROTECTED]> wrote:
(...)
> > What
> > matters is that most Europeans will *NOT* use an American-made
> closed-source
> > cryptography product, because they view such products as containing
> NSA back
> > doors.
>
> Is this an assumption, or based on hard facts???
I volunteer as Evidence n:o 1.
> European customers have had to put up with Netscape's 56 bit SSL
> encryption....I dont see any 128 bit European Browser???
Mine. Netscape with www.fortify.net influence. Legal as church on
Sunday. Another alternative is Opera (see
http://www.opera.no/features.html), the only truly HTML-compatible
browser.
(...)
> Unless you compile and run the compiled code yourself...you have no
> guarantee of 1-1 equivalence between the binary and the source..
...and the really paranoid want to see the source code of the compiler,
too...
Anyway, most Linux users compile it anyway, because the stuff comes in
source code, not binary.
-- Lassi
------------------------------
From: Bruno Rohee <[EMAIL PROTECTED]>
Subject: Re: Weak Blowfish implementations?
Date: Thu, 10 Feb 2000 15:01:12 +0000
[EMAIL PROTECTED] wrote:
>
> I have tried out some Blowfish implementations and found that regular
> plaintext patterns, like entries with line delimiters pasted repeatedly,
> show up as regular patterns in the cyphertext. The regularities are
> visible by plain eye. As they do not appear when there are no obvious
> regularities in the plaintext, I assume that they cannot be product of
> any formatting or block encoding after encryption.
>
> 1) I've always thought that a good cryptographic algorithm must produce
> output that at least *looks* random. Is this correct?
Yes, Blowfish operates on 64-bit blocks and the output looks fairly random.
What I guess you did is use Blowfish in ECB mode, so if you encrypt the
same 64-bit block twice, of course it'll look the same in the output. Use a
cipher block chaining mode to solve that.
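The mode-of-operation point above, as an added example that is not from the thread: a constructed 16-round Feistel cipher stands in for Blowfish (same 64-bit block size, not the same algorithm), and `repeated_blocks` counts the duplicate ciphertext blocks that a repeated line produces under ECB but not under CBC. Key, IV and sample plaintext are constructed values.

```python
"""ECB vs CBC on repeated plaintext, using a toy 64-bit block cipher.

The cipher is a constructed stand-in (Feistel network with a SHA-256-based
round function), NOT Blowfish. Only the 64-bit block size matters here: the
visible repetition comes from the mode, not from the cipher.
"""
import hashlib

BLOCK = 8          # 64-bit blocks, like Blowfish
ROUNDS = 16

KEY = b"constructed-demo-key"       # constructed, not a real key
IV = bytes(range(BLOCK))            # constructed, fixed so runs are reproducible
SAMPLE = b"entry 1\n" * 8           # one 8-byte line pasted repeatedly


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Keyed 32-bit round function derived from key, round index and half-block."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return right + left             # undo the final swap


def block_decrypt(key: bytes, block: bytes) -> bytes:
    right, left = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Each block encrypted independently: equal plaintext blocks give equal output."""
    data = pad(plaintext)
    return b"".join(block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block before encryption."""
    data, out, prev = pad(plaintext), [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block: the 'regular
    patterns visible by plain eye' the original poster describes."""
    seen, dups = set(), 0
    for i in range(0, len(ciphertext), BLOCK):
        b = ciphertext[i:i + BLOCK]
        dups += b in seen
        seen.add(b)
    return dups


if __name__ == "__main__":
    for name, ct in (("ECB", ecb_encrypt(KEY, SAMPLE)),
                     ("CBC", cbc_encrypt(KEY, IV, SAMPLE))):
        print(name, ct.hex(), "repeated blocks:", repeated_blocks(ct))
```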
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Compression cannot prevent plaintext recognition (was Re: is signing a
signature with RSA risky?)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 10 Feb 2000 13:49:03 GMT
Anton Stiglic <[EMAIL PROTECTED]> wrote:
: Wooo, this is deviating again. Let me make this as simple as possible:
: E_k: encryption algorithm using a key k,
: D_k: decryption algorithm using a key k,
: Z: compression function,
: U: uncompression function
: m: a plaintext message
: So, encrypting m, would be done as follows:
: -first compress m,
: -then encrypt the result
: That gives E_e(Z(m)), where e is the encryption key
: Now, if you are testing out a decryption key d, you do
: y <- D_d(E_e(Z(m)))
: Now, if you have the correct key y=Z(m), so you simply
: unzip y , call the result x (x <- U(y)), if you have the right
: decryption key, x = m. So an attacker will simply look
: for the headers in x.
What if all x (such that x = U(f) for some f) have the headers the
attacker is looking for?
I.e. what if the information about message content available to the
analyst is the same as the information about message content which was
available to the author of the compressor - and the latter designed a
scheme to correctly exploit it?
: Where does anyone see this as complicating an attacker's
: job????
Clearly it /can/ complicate the attacker's job - in the case where all
possible decrypted, decompressed messages contain the "headers" he
would normally look for.
: Seriously, you can talk about using modes of operations,
: or come up with a different ciphertext, but compression doesn't
: help to prevent an attacker from finding out if he has the
: correct decryption key.
Seriously, it clearly can.
It can reduce the attacker who only knows statistical characteristics of
the plaintext to virtual helplessness.
Obviously if the attacker has definite known plaintext for a particular
message - and (importantly) this information was not available to the
designer of the compressor - he can still mechanically reject keys for
that message, by checking to see if the decompressed result matches the
plaintext. Compression can make no difference to /that/.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
I will never lie to you.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: New standart for encryption software.
Date: Thu, 10 Feb 2000 15:31:51 +0100
Albert P. Belle Isle wrote:
>
> If you'll re-read my original posting I think you'll see that we're in
> essential agreement on the _necessity_ for source code reviews
> (multiple) to catch implementation errors.
I believe that in software engineering it is not sufficient to
stress that one should have reviews but also to demand that one
should have codes that are, by design, easy to be reviewed in the
first place. For otherwise with the expenditure of the same amount
of resources, the number or else the quality of reviews would be
worse than in the case where the codes are well written, provided
with good comments (besides good documents) and, if possible, with
invariants and other sorts of correctness verification aids. Since
in cryptology there is always the potential risk of having
deliberately introduced bugs in addition to the unconsciously
introduced bugs (that are the sole kind of bugs in almost the rest of
the world of software), having a very high quality of coding is of
paramount importance in reliable crypto software production in my
humble view.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.security,alt.2600
Subject: Re: A query method for communications ...
Date: Thu, 10 Feb 2000 15:43:40 +0100
wtshaw schrieb:
>
> In article <[EMAIL PROTECTED]>, Mok-Kong Shen
> <[EMAIL PROTECTED]> wrote:
>
> > Conversely, you can update your web pages in some specific ways
> > to broadcast certain intelligence without outsiders noticing that,
> > I suppose.
>
> Of course you can. But, it might be of interest to see who went after
> that material.
I think the trick (if it could be called as such) is that one has
a web page of innocent content but of sufficiently high interest
to many, so that there would be plenty of people normally accessing
it. This way, it is difficult to trace out the real intended
recipients of the secret intelligence information. Well, this is
actually nothing but sort of steganography, isn't it?
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Timothy M. Metzinger)
Subject: Re: question about PKI...
Date: 10 Feb 2000 14:39:01 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Palmpalmpalm) writes:
>I would appreciate it if you could kindly let me know how to revoke and how
>to
>get a new certificate without handling the old private-key.
Typically a revocation request is sent to the CA signed by a third party
authorized to do so, like an RA.... So if you lose or compromise your key, you
see your RA, prove to him that you are you, and request key revocation. He
sends a signed message to the CA, and voila your key is revoked. Face-to-Face
communication isn't always necessary, in my organization we'll take a
revocation request over the phone, provided the caller knows a few shared
secrets to reasonably prove identity.
Then you are issued a new key pair in the same fashion as you were issued your
old one.
Timothy Metzinger
Commercial Pilot - ASEL - IA AOPA Project Pilot Mentor
DOD # 1854 '82 Virago 750 - "Siobhan"
Cessnas, Tampicos, Tobagos, and Trinidads at FDK
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.security,alt.2600
Subject: Re: A query method for communications ... the method FOX -- actually a
Date: Thu, 10 Feb 2000 14:53:41 GMT
Actually, you can use other people's web pages and other documents on the
Internet with your formulas to communicate secret information. These web
pages have to be static and accessible with document IDs etc., when a
receiver of your secret formulas / communication algorithm reads your
communication. Actually, you only need to communicate formula and some
tables such as my newsletters. Do you want to know the method... ? (Actually
I call it FOX)
Mok-Kong Shen wrote:
> wtshaw schrieb:
> >
> > In article <[EMAIL PROTECTED]>, Mok-Kong Shen
> > <[EMAIL PROTECTED]> wrote:
> >
> > > Conversely, you can update your web pages in some specific ways
> > > to broadcast certain intelligence without outsiders noticing that,
> > > I suppose.
> >
> > Of course you can. But, it might be of interest to see who went after
> > that material.
>
> I think the trick (if it could be called as such) is that one has
> a web page of innocent content but of sufficiently high interest
> to many, so that there would be plenty of people normally accessing
> it. This way, it is difficult to trace out the real intended
> recipients of the secret intelligence information. Well, this is
> actually nothing but sort of steganography, isn't it?
>
> M. K. Shen
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.security,alt.2600
Subject: Re: A query method for communications ...
Date: Thu, 10 Feb 2000 14:50:49 GMT
Actually, you can use other people's web pages and other documents on the
Internet with your formulas to communicate secret information. These web
pages have to be static and accessible with document IDs etc., when a
receiver of your secret formula / communication algorithm reads your
communication. Actually, you only need to communicate formula and some
tables such as my newsletters. Do you want to know the method... ? (Actually
I call it FOX)
Mok-Kong Shen wrote:
> wtshaw schrieb:
> >
> > In article <[EMAIL PROTECTED]>, Mok-Kong Shen
> > <[EMAIL PROTECTED]> wrote:
> >
> > > Conversely, you can update your web pages in some specific ways
> > > to broadcast certain intelligence without outsiders noticing that,
> > > I suppose.
> >
> > Of course you can. But, it might be of interest to see who went after
> > that material.
>
> I think the trick (if it could be called as such) is that one has
> a web page of innocent content but of sufficiently high interest
> to many, so that there would be plenty of people normally accessing
> it. This way, it is difficult to trace out the real intended
> recipients of the secret intelligence information. Well, this is
> actually nothing but sort of steganography, isn't it?
>
> M. K. Shen
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Message to SCOTT19U.ZIP_GUY
Reply-To: [EMAIL PROTECTED]
Date: Thu, 10 Feb 2000 14:13:49 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED] wrote:
:> Pass one encrypt with an "AES" cipher
:> Pass two use Compression A
:> Pass three encrypt with a different key or different cipher
:> Pass four use Compression B
:> Pass five encrypt with a different Key
: Those "compression" stages are not likely to compress,
: so they simply amount to keyless transformations.
: One might as well substitute real encryptions in their place.
To my ears, the description quoted at the top sounds like an extremely
garbled version of DS's recommendation of a method get diffusion of
plaintext information through the entire message by applying adaptive
compression programs "in both directions" through the file - in the
absence of any better whole-message diffusion scheme.
Such "compression in both directions" is mainly designed to produce
diffusion of the plaintext information through the file. Of course,
the first pass would also compress - assuming it is applied to
unencyphered text.
*If* you were to try to replace such a process with a type of encryption
- *and* you're trying to get the same effect - the encryption should be
one that diffuses plaintext information through the file - and
consequently prevents message fragments from being broken independently of
the rest of the message.
In other words, you *can't* use (many types of) stream cypher, or a
an ECB/CBC/CFB/OFB mode block cypher - since these constructs don't
inhibit analysis based on message fragments to the extent that
simple unbounded (and unkeyed) diffusion would.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Laugh and the whole world thinks you're an idiot.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Reply-To: [EMAIL PROTECTED]
Date: Thu, 10 Feb 2000 14:28:54 GMT
zapzing <[EMAIL PROTECTED]> wrote:
: You do *not* need a latin square,
: because what you refer to as the
: encyphering symbol never needs to be
: recovered. The only thing you ever really
: need to do is recover the message symbol
: from the combined symbol.
: I will give an example which is hopefully
: better explained. Suppose we have two bit bytes,
: then consider the combining function given
: by the table:
: m= 0123
: ----
: e=0 3102
: e=1 2130
: e=2 0231
: e=3 1320
: Now if you had the encyphering symbol
: and the combined symbol then you could
: recover the message symbol, but you
: could not recover the encyphering symbol
: from the combined symbol and the message
: symbol, but that's OK, because you never
: need to do that anyway.
: This sort of combining function would
: be much easier to do than making a
: latin square, and there are more
: possibilities also, so why would you
: need a latin square? That was not
: a rhetorical question, I really
: do want to know why, if you would
: be so kind as to clue me in.
To supplement r.e.s.'s post, perhaps you don't *need* a Latin square
- but a Latin square is *desirable*.
If you *don't* have a Latin square, you may be doing the equivalent
of wasting some of your keys.
If you were to waste *all* your keys, you may wind up with something like:
m= 0123
----
e=0 0312
e=1 0312
e=2 0312
e=3 0312 :-(
A Latin square avoids this sort of thing to the maximum possible degree.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Legalise IT.
------------------------------
From: "Dr.Gunter Abend" <[EMAIL PROTECTED]>
Subject: Re: Court cases on DVD hacking is a problem for all of us
Date: Thu, 10 Feb 2000 16:23:55 +0100
Xcott Craver wrote:
> o The purpose of DVD encryption is controlling how you can
> _play_ the DVD. You can only play your DVD on certain
> approved set-top boxes or programs, which license the
> decryption technology.
Eric Lee Green wrote:
>> I DON'T have the right to play this DVD disk on a DVD player
>> in England (due to Zone Coding), despite the fact that it's
>> perfectly legal for me to carry my book to England and read it?
I may buy this sort of equipment. Am I not allowed to carry it
with me travelling around the world? With *my* DVD player I can
play an American DVD in Europe, despite the fact that the code on
that DVD prohibits playing it there! And I cannot play English
DVDs with my player, even in England! It *must* be forbidden to
carry players around. Did they impose such restrictions on the
*players*?
I *cannot* carry software from one computer to another -- although
absolutely legal, if I have bought it -- in case it has a Linux OS
instead of Windows in it. Did they impose *this* restriction on
the player software? Or is it just accidental, because they did
not implement it *yet*?
> Analogy: A company prints books that can only be read under
> an AOL Time-Warner(tm) brand reading lamp. Otherwise you
> can't make out the text.
>
> One day, someone discovers that the special reading lamp is
> just an ultraviolet bulb (ouch!) Then, a kid from Norway
> posts instructions for making one with spare parts.
If you *buy* some good (instead of leasing it), might the previous
owner impose such restrictions on it? Only the *government* may
restrict the use of your property, and only if it causes some harm
to the public or the environment. Do you know any example of
restrictions like those on DVD *players* -- which are not allowed
to play all DVDs?
DeCSS can only be used to enable my *player* -- and if this is not
forbidden, why do they accuse Jon Johansen?
Ciao, Gunter
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Date: Thu, 10 Feb 2000 08:19:12 -0700
Reply-To: [EMAIL PROTECTED]
"r.e.s." wrote:
> "zapzing" <[EMAIL PROTECTED]> wrote ...
> : "r.e.s." <[EMAIL PROTECTED]> wrote:
> : > "Tony T. Warnock" <[EMAIL PROTECTED]> wrote ...
> : > : All combiners will have to be Latin squares.
> : >
> : > The Latin Square combiners appear to be a subset of all
> : > possible combiners, corresponding to "balanced" rows &
> : > columns in the table; so a combiner that's an Lsquare
> : > might be *better* than one that's not, in some context,
> : > but not all combiners need be Lsquares, as far as I can
> : > see in common usage of the term. (But it does seem that
> : > to be a combiner it must allow for later recovery of the
> : > message -- resulting in N!^N possible NxN combiners.)
> : >
> : > To take the most extreme example:
> : > If row corresponds to enciphering-symbol and column
> : > corresponds to message-symbol, then for an alphabet of
> : > 4 symbols even the square
> : >
> : > 0123
> : > 0123
> : > 0123
> : > 0123
> : >
> : > yields a combiner -- but not a good one, since a given message
> : > symbol will result in an output independent of enciphering
> : > symbol. Whether less-extreme non-balanced (i.e. non-Lsquare)
> : > combiners are ever desirable -- that would seem to be another
> : > question.
> : >
> :
> : OK, I posted about this before but apparently
> : I just did not make myself clear, or something,
> : so I will try again (assuming that the
> : moderators will be patient with my lack of
> : communication skills).
>
> I missed your earlier posting. We're in total agreement
> that a combiner need not be a Latin Square -- that's the
> point I was making, after all. (I have the feeling that
> your remarks are really intended for Tony, to whom I had
> replied in a similar vein.)
>
> (btw, this ng is unmoderated)
>
> : You do *not* need a latin square,
> : because what you refer to as the
> : encyphering symbol never needs to be
> : recovered. The only thing you ever really
> : need to do is recover the message symbol
> : from the combined symbol.
> : I will give an example which is hopefully
> : better explained. Suppose we have two bit bytes,
> : then consider the combining function given
> : by the table:
> :
> : m= 0123
> : ----
> : e=0 3102
> : e=1 2130
> : e=2 0231
> : e=3 1320
> :
> : Now if you had the encyphering symbol
> : and the combined symbol then you could
> : recover the message symbol, but you
> : could not recover the encyphering symbol
> : from the combined symbol and the message
> : symbol, but that's OK, because you never
> : need to do that anyway.
> :
> : This sort of combining function would
> : be much easier to do than making a
> : latin square, and there are more
> : possibilities also, so why would you
> : need a latin square? That was not
> : a rhetorical question, I really
> : do want to know why, if you would
> : be so kind as to clue me in.
>
> Again, although your reply is to my posting, I'll
> assume the "you" in the above sentence is generic,
> since I didn't say that a Latin Square is needed--
> I said that one is *not* needed, and that it's
> a separate issue as to whether a non-LatinSquare
> combiner would be "good" in a given context.
>
> My 2-cents about the general situation, though, is
> that if a column is not a permutation of the entire
> output symbol alphabet, then some output symbols
> may tend to be more/less frequent than others when
> enciphering the same message symbol, and that might
> well be a weakness wrt frequency analysis.
That's the point. With Latin squares, the probabilities get more
uniform.
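An added example (not from any poster) covering both Tim Tyler's tables earlier in this digest and r.e.s.'s frequency remark quoted above: it checks whether a combiner lets the message symbol be recovered, whether it is a Latin square, and how far each column's output distribution departs from uniform when the enciphering symbol is uniform. The tables are the two quoted in the thread plus XOR on 2-bit symbols as a Latin-square reference; `ZAPZING`, `WASTED`, `XOR` and the function names are my own labels.

```python
"""Combiner tables from the thread: message recovery, Latin-square test,
and the output bias of a non-Latin column.

Tables are indexed table[e][m] (row = enciphering symbol, column = message
symbol), exactly as laid out in the posts.
"""
from collections import Counter
from fractions import Fraction

N = 4  # 2-bit symbols, as in zapzing's example

# zapzing's table: every row is a permutation, but the columns are not.
ZAPZING = [[3, 1, 0, 2],
           [2, 1, 3, 0],
           [0, 2, 3, 1],
           [1, 3, 2, 0]]

# Tim Tyler's "all keys wasted" table: every row identical.
WASTED = [[0, 3, 1, 2]] * 4

# XOR on 2-bit symbols: a Latin square, used here as the reference.
XOR = [[e ^ m for m in range(N)] for e in range(N)]


def is_permutation(seq) -> bool:
    return sorted(seq) == list(range(N))


def recovers_message(table) -> bool:
    """True if m is uniquely determined by (e, combined symbol), which
    holds exactly when every row is a permutation of the alphabet."""
    return all(is_permutation(row) for row in table)


def columns(table):
    return [[table[e][m] for e in range(N)] for m in range(N)]


def is_latin_square(table) -> bool:
    """Rows AND columns are all permutations."""
    return recovers_message(table) and all(is_permutation(c) for c in columns(table))


def decombine(table, e: int, c: int) -> int:
    """Recover the message symbol from the enciphering and combined symbols."""
    return table[e].index(c)


def output_distribution(table, m: int):
    """Probability of each combined symbol for a fixed message symbol m when
    the enciphering symbol is uniform over 0..N-1 (r.e.s.'s point)."""
    counts = Counter(table[e][m] for e in range(N))
    return {c: Fraction(counts[c], N) for c in range(N)}


def max_bias(table) -> Fraction:
    """Largest deviation from the uniform 1/N over all columns and outputs;
    0 exactly when every column is balanced, i.e. a permutation."""
    return max(abs(p - Fraction(1, N))
               for m in range(N)
               for p in output_distribution(table, m).values())


if __name__ == "__main__":
    for name, t in (("zapzing", ZAPZING), ("wasted", WASTED), ("xor", XOR)):
        print(name, "recovers:", recovers_message(t),
              "latin:", is_latin_square(t), "max bias:", max_bias(t))
        print("  P(combined | m=1) =", dict(output_distribution(t, 1)))
```

For zapzing's table the column for m=1 contains 1 twice and 0 never, so a uniform key still leaves that message symbol with a skewed ciphertext distribution; the XOR square has zero bias in every column.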
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,alt.security,alt.2600,soc.culture.soviet,soc.culture.russian,soc.culture.europe,soc.culture.israel,alt.math
Subject: A simple crypto system and method - "FOX" -
Date: Thu, 10 Feb 2000 15:46:01 GMT
Well, here is just one simple example ... this is just a simple application, but
can work in many practical situations.
You can use my newsletters at
http://home.earthlink.net/~mjsion/isbn.htm
You can have your database and assign codes (such as numbers or any other
characters easily to be processed) to each word in each newsletter. Actually a
simple PASCAL or C/C++ or other program is extremely helpful. You can
communicate your code book securely (you can just give the diskette or secure
medium ..) to people who should receive it and your program (to encrypt or
decrypt) as appropriate.
If you like, you can just post your encrypted messages here on the USENET and
your partner shall be able to receive and read them and post additional
encrypted messages to you on the USENET.
This is actually one of the simplest methods and does not even require
much work. And just by adding a few additional steps, your crypto system can be
very secure and you can communicate in any language.
And I am going to write my additional newsletters and post these tables in the
future on the USENET: alt.politics.org.cia . Quite handy tables ... aren't they
...? Well .. have been so since 1994 ....
My very best wishes,
Markku
P.S. Visit http://homestead.virtualjerusalem.com/waeg/
"Markku J. Saarelainen" wrote:
> Actually, you can use other people's web pages and other documents on the
> Internet with your formulas to communicate secret information. These web
> pages have to be static and accessible with document IDs etc., when a
> receiver of your secret formulas / communication algorithm reads your
> communication. Actually, you only need to communicate formula and some
> tables such as my newsletters. Do you want to know the method... ? (Actually
>
> I call it FOX)
>
> Mok-Kong Shen wrote:
>
> > wtshaw schrieb:
> > >
> > > In article <[EMAIL PROTECTED]>, Mok-Kong Shen
> > > <[EMAIL PROTECTED]> wrote:
> > >
> > > > Conversely, you can update your web pages in some specific ways
> > > > to broadcast certain intelligence without outsiders noticing that,
> > > > I suppose.
> > >
> > > Of course you can. But, it might be of interest to see who went after
> > > that material.
> >
> > I think the trick (if it could be called as such) is that one has
> > a web page of innocent content but of sufficiently high interest
> > to many, so that there would be plenty of people normally accessing
> > it. This way, it is difficult to trace out the real intended
> > recipients of the secret intelligence information. Well, this is
> > actually nothing but sort of steganography, isn't it?
> >
> > M. K. Shen
------------------------------
From: Albert P. Belle Isle <[EMAIL PROTECTED]>
Subject: Re: New standart for encryption software.
Date: Thu, 10 Feb 2000 11:00:47 -0500
Reply-To: [EMAIL PROTECTED]
On Thu, 10 Feb 2000 15:31:51 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>Albert P. Belle Isle wrote:
>>
>> If you'll re-read my original posting I think you'll see that we're in
>> essential agreement on the _necessity_ for source code reviews
>> (multiple) to catch implementation errors.
>
>I believe that in software engineering it is not sufficient to
>stress that one should have reviews but also to demand that one
>should have codes that are, by design, easy to be reviewed in the
>first place. For otherwise with the expenditure of the same amount
>of resources, the number or else the quality of reviews would be
>worse than in the case where the codes are well written, provided
>with good comments (besides good documents) and, if possible, with
>invariants and other sorts of correctness verification aids. Since
>in cryptology there is always the potential risk of having
>deliberately introduced bugs in addition to the unconsciously
>introduced bugs (that are the sole kind of bugs in almost the rest of
>the world of software), having a very high quality of coding is of
>paramount importance in reliable crypto software production in my
>humble view.
>
>M. K. Shen
Mr. Shen:
I couldn't agree more.
Having had to manage the development of more code than I care to
remember, I certainly tried to encourage such practices as an aid to
(my own) oversight.
However, when I began writing a bit of code again, myself, I was
happily surprised to find that by adopting self-documenting code
practices (to avoid being a hypocrite), I had actually made it much
easier for myself in both initial debug and subsequent support of
changes.
(The discipline seems akin to the benefit of having to teach something
that you think you understood, until forced to satisfy a classroom
full of sharp students who demand their tuition's worth.)
I certainly didn't mean to denigrate the necessity for good software
engineering in my stating that review of (such well-developed) source
code is, nevertheless, only necessary - not sufficient in good INFOSEC
engineering (as opposed to programming) practice.
"Show me the finished data clusters," should still be added to "show
me the source code."
Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE with
Forensic Software Countermeasures
http://www.CerberusSystems.com
================================================
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************