Cryptography-Digest Digest #368, Volume #13      Wed, 20 Dec 00 06:13:01 EST

Contents:
  Should I use Protocol 1.0 (RSA) or Protocol 2.0 (DSA)? (jtnews)
  Re: Possibly another Encryption method - any thoughts ? (Simon Best)
  Re: Should I use Protocol 1.0 (RSA) or Protocol 2.0 (DSA)? (Tom St Denis)
  Re: Q: Result of an old thread? (Bryan Olson)
  Re: Should I use Protocol 1.0 (RSA) or Protocol 2.0 (DSA)? (Richard E. Silverman)
  Re: Should I use Protocol 1.0 (RSA) or Protocol 2.0 (DSA)? (jtnews)
  Re: Q: Result of an old thread? (Simon Best)
  Re: Q: Result of an old thread? (Benjamin Goldberg)
  Re: Q: Result of an old thread? (Simon Best)
  Re: Q: Result of an old thread? (Bryan Olson)
  Re: Mathematical concepts (Joris Vankerschaver)
  Re: Possibly another Encryption method - any thoughts ? (Kirk Whelan)
  Re: Possibly another Encryption method - any thoughts ? (Kirk Whelan)

----------------------------------------------------------------------------

Date: Tue, 19 Dec 2000 20:32:39 -0500
From: jtnews <[EMAIL PROTECTED]>
Crossposted-To: comp.security.ssh
Subject: Should I use Protocol 1.0 (RSA) or Protocol 2.0 (DSA)?

I'm trying to use ssh, should I use protocol 1.0 or 2.0?
What's the difference?  Which one is more secure?

------------------------------

From: Simon Best <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Possibly another Encryption method - any thoughts ?
Date: Wed, 20 Dec 2000 01:54:00 +0000

Kirk Whelan wrote:
> 
> Hi Simon, thanks for replying, let me see if I can answer the points
> that you have asked/raised.
> 
> I have never heard the term
> >'security through obscurity'
> until I started to follow this newsgroup, so I am still learning ( not a
> bad thing :-) )
[...]
> >When a system relies on people not knowing how it works for security,
> >that's called 'security through obscurity'.  It's generally accepted
> >that it's a bad idea.  Answer the following questions, in detail, to see
> >why it's bad:
> >
> >1.  What will you do if, during the lifetime of your cryptosystem, you
> >learn that an adversary has found out how your cryptosystem works?
> In theory, it shouldn't matter if someone did, in fact I will reveal all,
> because I still think what I propose still has some life left in it, at
> this stage. But I don't doubt I could be heading for retirement.

There's no need to retire if one cryptosystem gets broken.  What
cryptographers usually recommend is that those learning cryptography
learn about cryptanalysis, and do cryptanalysis, before devising their
own ciphers.  (Well, I must admit that I haven't myself followed that
recommendation as such, but have spent time analysing mathematically
similar problems in mathematically similar things.)

> >2.  What will you do if an adversary finds out how it works, but you
> >never find out that an adversary has found out?
> Foiled again !!
> 
> >3.  What will you do if a once trusted person turns into an adversary?
> Has happened before and will happen again.
> >
> >4.  How will you keep possible adversaries from finding out in the first
> >place?
> Don't know how to answer that.
> >
> >5.  How will you reduce risks from things that haven't even occurred to
> >you, me, or anyone else?
> I wish I could see into the future....

Alas, we humans generally seem to have great difficulty seeing into the
future.  What we can do is learn from the past and hope it's a good
guide.  Understanding how and why past, broken ciphers were broken is a
good example here, as you'll then be in a better position to try to
avoid such weaknesses in your own ciphers.

[...]
> So there you have it.
> I only started this so that I could transfer "root" password across the
> internet :-)

You've gone to all that trouble to transfer a superuser password
securely across The Internet?  Why not use existing cryptographic
software?  What about SSL?

> So no more obscurity.

Not entirely.  Your description was a bit too vague and ambiguous in
places for me to really follow.  You need to present it more formally,
and spell out what you mean in detail.

> --
> Kirk Whelan

Simon

-- 
_______________________________________________________________________________
Personal: [EMAIL PROTECTED]
Yellow Skies: [EMAIL PROTECTED] http://www.yellowskies.com
Everyone does their own signature to be different.  How does that work?

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: comp.security.ssh
Subject: Re: Should I use Protocol 1.0 (RSA) or Protocol 2.0 (DSA)?
Date: Wed, 20 Dec 2000 03:46:42 GMT

In article <[EMAIL PROTECTED]>,
  jtnews <[EMAIL PROTECTED]> wrote:
> I'm trying to use ssh, should I use protocol 1.0 or 2.0?
> What's the difference?  Which one is more secure?

Secure for what?

Tom


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Q: Result of an old thread?
Date: Wed, 20 Dec 2000 04:03:18 GMT

Simon Best wrote:

> I'm about to move on to analysing integer element matrices with a
> singular S that doesn't have any empty columns (or rows).)

Sounds good.  I'd say the generalization of your zero-column
solution is to find the rank of the known matrices and solve
in that dimension - where the solution is unique.  That's also
the idea behind my suggestion a few posts back in this strand.
Like your zero-column method, it avoids reference to the whole
of A or B. (Incidentally, I think the zero-column solution
assumes that the n by n matrices have rank n-1, which is
suggested but not implied by the given description of S.)
Don't read below if you want to carry out the analysis by
yourself.


I wrote:
| If AS is n by n with rank m < n, then you can express AS as
| an n by m times an m by n.  Call them C and D respectively.
| There exists some S' such that S = S'*D.  After the second
| pass solve for D*B instead of B.  In the third pass we get
| S'*D*B with D and D*B known and S = S'*D.

Here's the flow in more detail.  I'll denote the product of X
and Y as either X*Y or XY, but the former will suggest X and Y
are both known, while the latter suggests only the product is
known.

In the first pass we get AS, which is n by n with rank m < n.

    Find an n by m matrix C, and m by n matrix D such that
    C*D = AS.  We can choose C by letting its columns be
    some basis for AS, then we can solve for D.

On the second pass we get ASB.

    ASB = (AS)B = (C*D)B = C*(DB)

    Since we know C and CDB we can solve for the m by n
    matrix DB.  C is a basis for the column space of CDB so
    the solution is unique.

On the third pass we get SB.

    SB = A^-1 ASB = A^-1 CDB = (A^-1 C) * DB

    We know DB so we can solve for the n by m matrix A^-1 C

    We also know D, so we find

    A^-1 C * D = A^-1 AS = S.


That recovers the shared secret S and breaks the scheme.
Again.


--Bryan


Sent via Deja.com
http://www.deja.com/

------------------------------

Crossposted-To: comp.security.ssh
Subject: Re: Should I use Protocol 1.0 (RSA) or Protocol 2.0 (DSA)?
From: [EMAIL PROTECTED] (Richard E. Silverman)
Date: 20 Dec 2000 00:35:53 -0500

>>>>> "jtnews" == jtnews  <[EMAIL PROTECTED]> writes:

    jtnews> I'm trying to use ssh, should I use protocol 1.0 or 2.0?
    jtnews> What's the difference?  Which one is more secure?

see http://www.snailbook.com/faq/ssh-1-vs-2.auto.html

-- 
  Richard Silverman
  [EMAIL PROTECTED]

------------------------------

Date: Wed, 20 Dec 2000 00:47:42 -0500
From: jtnews <[EMAIL PROTECTED]>
Crossposted-To: comp.security.ssh
Subject: Re: Should I use Protocol 1.0 (RSA) or Protocol 2.0 (DSA)?

Thanks for the link! Guess I'll go with 2.0!

"Richard E. Silverman" wrote:
> 
> >>>>> "jtnews" == jtnews  <[EMAIL PROTECTED]> writes:
> 
>     jtnews> I'm trying to use ssh, should I use protocol 1.0 or 2.0?
>     jtnews> What's the difference?  Which one is more secure?
> 
> see http://www.snailbook.com/faq/ssh-1-vs-2.auto.html
> 
> --
>   Richard Silverman
>   [EMAIL PROTECTED]

------------------------------

From: Simon Best <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Q: Result of an old thread?
Date: Wed, 20 Dec 2000 06:26:25 +0000

Bryan Olson wrote:
> 
> Simon Best wrote:
> 
> > I'm about to move on to analysing integer element matrices with a
> > singular S that doesn't have any empty columns (or rows).)
> 
> Sounds good.

And (after some quick revision of basic matrix stuff) I think I've just
done it for any singular S, any A and any B!  (Could do with being
verified, though.)

> I'd say the generalization of your zero-column
> solution is to find the rank of the known matrices and solve
> in that dimension - where the solution is unique.  That's also
> the idea behind my suggestion a few posts back in this strand.

Yep, there's quite a lot of similarity.  Perhaps not entirely
coincidental, as I have been keeping track of this discussion, and have
been reminded of matrix things I'd forgotten a number of times!  I'm
sure that's influenced my approach somewhat, to say the least.

> Like your zero-column method, it avoids reference to the whole
> of A or B. (Incidentally, I think the zero-column solution
> assumes that the n by n matrices have rank n-1, which is
> suggested but not implied by the given description of S.)
> Don't read below if you want to carry out the analysis by
> yourself.
[...]

I have read it, and it looks good to me!

> That recovers the shared secret S and breaks the scheme.
> Again.
> 
> --Bryan

Seems that the more this scheme gets analysed, the weaker it is...

Simon

-- 
_______________________________________________________________________________
Personal: [EMAIL PROTECTED]
Yellow Skies: [EMAIL PROTECTED] http://www.yellowskies.com
Everyone does their own signature to be different.  How does that work?

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Q: Result of an old thread?
Date: Wed, 20 Dec 2000 06:36:19 GMT

Bryan Olson wrote:
> 
> Simon Best wrote:
> 
> > I'm about to move on to analysing integer element matrices with a
> > singular S that doesn't have any empty columns (or rows).)
> 
> Sounds good.  I'd say the generalization of your zero-column
> solution is to find the rank of the known matrices and solve
> in that dimension - where the solution is unique.  That's also
> the idea behind my suggestion a few posts back in this strand.
> Like your zero-column method, it avoids reference to the whole
> of A or B. (Incidentally, I think the zero-column solution
> assumes that the n by n matrices have rank n-1, which is
> suggested but not implied by the given description of S.)
> Don't read below if you want to carry out the analysis by
> yourself.
> 
> I wrote:
> | If AS is n by n with rank m < n, then you can express AS as
> | an n by m times an m by n.  Call them C and D respectively.
> | There exists some S' such that S = S'*D.  After the second
> | pass solve for D*B instead of B.  In the third pass we get
> | S'*D*B with D and D*B known and S = S'*D.

When you say that AS can be expressed as C*D, do you mean it can ALWAYS
be expressed as C*D, or only when S has a zero column?

> Here's the flow in more detail.  I'll denote the product of X
> and Y as either X*Y or XY, but the former will suggest X and Y
> are both known, while the latter suggests only the product is
> known.
> 
> In the first pass we get AS, which is n by n with rank m < n.
> 
>     Find an n by m matrix C, and m by n matrix D such that
>     C*D = AS.  We can choose C by letting its columns be
>     some basis for AS, then we can solve for D.

What do you mean "some basis for AS", and how difficult is it to find C
and D?

-- 
There are three methods for writing code in which no bug can be found:
1) Make the code so straightforward that there are obviously no bugs.
2) Make the code so complicated that there are no obvious bugs.
3) Insist that any apparent bugs were really intentional features.

------------------------------

From: Simon Best <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Q: Result of an old thread?
Date: Wed, 20 Dec 2000 07:50:23 +0000

Simon Best wrote:
> 
> Bryan Olson wrote:
> >
> > Simon Best wrote:
> >
> > > I'm about to move on to analysing integer element matrices with a
> > > singular S that doesn't have any empty columns (or rows).)
> >
> > Sounds good.
> 
> And (after some quick revision of basic matrix stuff) I think I've just
> done it for any singular S, any A and any B!  (Could do with being
> verified, though.)
[...]
> Simon

And here it is...



1:      THE SCHEME

Alice wants to send Bob a secret message.  Alice applies a
transformation to the message to produce a singular matrix, S.  The
transformation is invertible, and Bob knows what the inverse
transformation is.  The purpose of this transformation, whatever it is,
is just to get the message into the form of a singular matrix.

Alice chooses a random, invertible matrix, A, and multiplies A by S to
produce AS.  She sends the product AS to Bob, but it is also (passively)
intercepted by rebel spies (a la Star Wars).

1.1     AS = A * S

Bob chooses a random, invertible matrix, B, and multiplies AS by B to
produce ASB.  He sends the product ASB to Alice, and this is also
intercepted by treacherous (sp?) rebels.

1.2     ASB = AS * B = ( A * S ) * B

Alice inverts A to produce A^(-1), and multiplies this with ASB to
produce SB.  She sends SB to Bob, and, yes, the transmission gets
intercepted by those rebel scum.

1.3     SB = A^(-1) * ASB = A^(-1) * ( ( A * S ) * B )

How does that work?  Well, it relies on matrix multiplication being
associative:

1.4     X * ( Y * Z ) = ( X * Y ) * Z

Bob inverts B to produce B^(-1), and multiplies this with SB to produce
S:

1.5     S = SB * B^(-1)

And Bob has received and decrypted the secret message from Alice!

(The associative nature of matrix multiplication that this scheme relies
upon is used in the suggested break that follows...)



2:      SUGGESTED BREAK

Princess Leia (and some dubious characters she picked up somewhere along
the way), has intercepted and recorded the following Imperial
transmissions:

        AS      ASB     SB

Suppose we can find a suitable matrix, B', such that:

2.1     AS * B' = ASB

Although we don't know what A^(-1) is, we know that:

2.2     A^(-1) * ASB = SB

We also know that:

2.3     A^(-1) * ( AS * B' ) = S * B'

because of the associativity of matrix multiplication:

(2.3)   A^(-1) * ( AS * B' )
        = A^(-1) * A * S * B'
        = I * S * B'
        = S * B'

Substituting 2.1 into 2.2:

2.4     A^(-1) * ( AS * B' ) = SB

And, as the left hand sides of 2.3 and 2.4 are the same:

2.5     SB = S * B'

Now, it was not necessary to know what A^(-1) was, or what A was, to
find 2.5.  It follows from the scheme that produced AS, ASB and SB, and
the assumption that we have a suitable matrix B'.  (Well, it's just
matrix algebra, really, isn't it?)

Taking the inverse of B', we can find S from SB, using 2.5:

2.6     S = ( S * B' ) * (B')^(-1)
        = SB * (B')^(-1)

This all relies on finding a suitable B', of course.

Going back to 2.1:

(2.1)   AS * B' = ASB

If AS is an N*M matrix, and ASB is an N*L matrix, B' must be an M*L
matrix.  2.1 can be presented as:

2.7:

[ AS_0,0   AS_0,1   ... AS_0,M-1   ][ B'_0,0   B'_0,1   ... B'_0,L-1   ]
[ AS_1,0   AS_1,1   ... AS_1,M-1   ][ B'_1,0   B'_1,1   ... B'_1,L-1   ]
[ ...      ...      ... ...        ][ ...      ...      ... ...        ]
[ AS_N-1,0 AS_N-1,1 ... AS_N-1,M-1 ][ B'_M-1,0 B'_M-1,1 ... B'_M-1,L-1 ]

= [ ASB_0,0   ASB_0,1   ... ASB_0,L-1   ]
  [ ASB_1,0   ASB_1,1   ... ASB_1,L-1   ]
  [ ...       ...       ... ...         ]
  [ ASB_N-1,0 ASB_N-1,1 ... ASB_N-1,L-1 ]

Of course, AS is singular, so B' can't be found by inverting AS and
using that.  Simultaneous equations can, however, be used.

2.8.1   ASB_0,0 = AS_0,0 B'_0,0 + AS_0,1 B'_1,0 + ... AS_0,M-1 B'_M-1,0
2.8.2   ASB_0,1 = AS_0,0 B'_0,1 + AS_0,1 B'_1,1 + ... AS_0,M-1 B'_M-1,1
        ...
2.8.3   ASB_1,0 = AS_1,0 B'_0,0 + AS_1,1 B'_1,0 + ... AS_1,M-1 B'_M-1,0

2.8.1 has the same elements of B' as 2.8.3.  If all such equations were
to be examined, they would be found to form L sets of simultaneous
equations, with each set having M simultaneous equations.  Each set of
simultaneous equations corresponds to a single column of B'.

But what values should the elements of B' have?  Due to AS being
singular, there is some freedom in what values the elements of B' can
have.  So for each column, a value can be chosen for an element, and the
equations can be solved as far as possible for that element with that
value.  If that is not sufficient to complete that column, pick another
value for another element, and repeat this process until that column is
complete.  Do that for all columns.

But, the question is, does such a B', when applied in 2.6 above, yield
the original S?...

(To be continued (I s'pect)...)



And there you have it!

I tried it out on paper with a very small example, and it worked first
time.  I was just seeing if anything interesting would emerge if I just
selected my own B' values to satisfy 2.1, and ended up recovering the
original S correctly.  Now I'm going to try some other tests of it on
paper...

Simon

-- 
_______________________________________________________________________________
Personal: [EMAIL PROTECTED]
Yellow Skies: [EMAIL PROTECTED] http://www.yellowskies.com
Everyone does their own signature to be different.  How does that work?

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Q: Result of an old thread?
Date: Wed, 20 Dec 2000 07:48:13 GMT

Benjamin Goldberg wrote:

> Bryan Olson wrote:
> > | If AS is n by n with rank m < n, then you can express AS as
> > | an n by m times an m by n.  Call them C and D respectively.
> > | There exists some S' such that S = S'*D.  After the second
> > | pass solve for D*B instead of B.  In the third pass we get
> > | S'*D*B with D and D*B known and S = S'*D.
>
> When you say that AS can be expressed as C*D, do you mean it
> can ALWAYS be expressed as C*D, or only when S has a zero column?

Always.

> > In the first pass we get AS, which is n by n with rank m < n.
> >
> >     Find an n by m matrix C, and m by n matrix D such that
> >     C*D = AS.  We can choose C by letting its columns be
> >     some basis for AS, then we can solve for D.
>
> What do you mean "some basis for AS", and how difficult is
> it to find C and D?

I mean the column vectors of C are a basis for the column
space of AS.  A basis for a vector space is a set of
linearly independent vectors that spans the space.  Thus
each column of AS can be expressed as a linear combination of
the columns of C.  Finding it is efficient: O(n^3).


--Bryan


Sent via Deja.com
http://www.deja.com/
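As an added example (not code from the thread), the following Python runs a constructed instance of the three-pass scheme from section 1 of Simon's post and then carries out Bryan's recovery of S from the intercepted AS, ASB and SB: factor AS = C*D with the columns of C a basis for the column space of AS, solve for DB, solve for A^-1 C, and multiply out S = (A^-1 C)*D. It uses exact rational arithmetic from the standard library only; the helpers `rref`, `solve_left`, `column_basis_factor`, `recover_secret` and the random matrices are my constructions, not anything posted in the thread.

```python
from fractions import Fraction
from random import Random


def mat_mul(X, Y):
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y)))
             for j in range(len(Y[0]))] for i in range(len(X))]


def transpose(X):
    return [list(row) for row in zip(*X)]


def identity(n):
    return [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]


def rref(M):
    """Reduced row echelon form over the rationals. Returns (rows, pivot columns)."""
    M = [[Fraction(v) for v in row] for row in M]
    pivots, r = [], 0
    for c in range(len(M[0])):
        p = next((i for i in range(r, len(M)) if M[i][c] != 0), None)
        if p is None:
            continue
        M[r], M[p] = M[p], M[r]
        piv = M[r][c]
        M[r] = [v / piv for v in M[r]]
        for i in range(len(M)):
            if i != r and M[i][c] != 0:
                f = M[i][c]
                M[i] = [a - f * b for a, b in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
        if r == len(M):
            break
    return M, pivots


def rank(M):
    return len(rref(M)[1])


def solve_left(M, R):
    """Solve M*X = R for X, assuming M has full column rank (so X is unique)."""
    q = len(M[0])
    aug, pivots = rref([mrow + rrow for mrow, rrow in zip(M, R)])
    if pivots[:q] != list(range(q)):
        raise ValueError("M does not have full column rank")
    if any(v != 0 for row in aug[q:] for v in row):
        raise ValueError("system is inconsistent")
    return [row[q:] for row in aug[:q]]


def column_basis_factor(AS):
    """Factor the n x n matrix AS of rank m as C*D: the columns of C (n x m) are
    the pivot columns of AS, a basis for its column space; D (m x n) solves C*D = AS."""
    _, pivots = rref(AS)
    C = [[row[j] for j in pivots] for row in AS]
    return C, solve_left(C, AS)


def recover_secret(AS, ASB, SB):
    """Eavesdropper's reconstruction of S from the three intercepted products."""
    C, D = column_basis_factor(AS)
    DB = solve_left(C, ASB)          # ASB = C*(DB); C has full column rank
    # SB = (A^-1 C)*DB and DB has full row rank m, so solve the transposed system
    AinvC = transpose(solve_left(transpose(DB), transpose(SB)))
    return mat_mul(AinvC, D)         # (A^-1 C)*D = A^-1 (AS) = S


def run_scheme(n=4, m=2, seed=7):
    """Constructed run of the scheme; returns (S, S as recovered by the eavesdropper)."""
    rng = Random(seed)

    def rand_matrix(rows, cols, want_rank):
        while True:
            X = [[Fraction(rng.randint(-5, 5)) for _ in range(cols)] for _ in range(rows)]
            if rank(X) == want_rank:
                return X

    # Constructed "message": a singular n x n S of rank m (an n x m times an m x n)
    while True:
        S = mat_mul(rand_matrix(n, m, m), rand_matrix(m, n, m))
        if rank(S) == m:
            break
    A, B = rand_matrix(n, n, n), rand_matrix(n, n, n)    # random invertible A and B
    AS = mat_mul(A, S)                                    # pass 1: Alice -> Bob
    ASB = mat_mul(AS, B)                                  # pass 2: Bob -> Alice
    SB = mat_mul(solve_left(A, identity(n)), ASB)         # pass 3: A^-1 * ASB
    assert mat_mul(SB, solve_left(B, identity(n))) == S   # Bob's own decryption
    return S, recover_secret(AS, ASB, SB)
```

The recovery never references A or B themselves, only the three products, which is the point of Bryan's remark that the method avoids the whole of A or B.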

------------------------------

From: [EMAIL PROTECTED] (Joris Vankerschaver)
Subject: Re: Mathematical concepts
Date: 20 Dec 2000 08:54:04 GMT

Paul Rubin ([EMAIL PROTECTED]) wrote:

: Better look at it before you buy it.  It is a graduate level text.
: If you've just had some undergraduate courses in algebra and number
: theory, Cohen's book will be very difficult.  But it is a great book.

OK, what about the Koblitz book then (Algebraic Aspects of Cryptography)?

Joris

------------------------------

From: Kirk Whelan <[EMAIL PROTECTED]>
Subject: Re: Possibly another Encryption method - any thoughts ?
Date: Wed, 20 Dec 2000 10:48:53 +0000

Hi Simon, thanks for the reply.
OK, the idea here was inspired after reading Simon Singh's book, and the
need to pass passwords over the inter/intra net.

So the idea is/was, reduce a small amount of text to digits, very
simple. Enigma is safe if it is used a very few times or just once.

Prime numbers, perfect numbers are pretty difficult to resolve.
Furthermore, the perfect number is known. In the system I have thought of you
don't, you just know that they may or may not be there, the decoder
knows how many are to be found.

Therefore if two parties set up a series of enigma wheels according to a
formula, with, say, 3 variables, that gives 3^10-1 variations (or 999 ).
Each transmission will have a new set of random values for insertion to
the formula. For banking transactions I would envisage 5 or more
variables.

The source text is run through the enigma wheels, and their positions
are rotated out of step. The resultant series of digits are searched for
prime numbers.

OK, I think here comes the good part, according to a second formula a
companion prime is derived, the product of which replaces the prime
found. Good, part number two, the whole lot is shuffled up and the
result is wrapped up through the enigma. Plus the number of digits in
the encoding sequence has started to grow. The process repeats until an
incremental pointer reaches the end of the sequence. Also some of the
digits used in the substitution are candidates for further replacement.

OK, so the whole lot is encrypted.
The point here is that any number of people could send the same single
word back and forth hundreds if not thousands of times, and the encoded
result will never be the same. That's where the strength ( I think )
lies. 

To decode, and this is where my maths is somewhat short, can this be
analysed mathematically and reduced? The cryptanalyst knows the
variables, etc., because they were sent along with the encoded text.

The person/machine decoding knows how to unwrap via the final setting of
the enigma. The decoding process must search out candidates for the
collapsing process. Perfect numbers are excellent for this; if anyone
does not know the series of prime numbers that make up the reduction
process, how on earth would they get started? Again, a mathematician
might know the answer.

Also, I have kept the whole thing in 32 bit arithmetic at the moment,
to keep the numbers digits to be reduced to a reasonable size, but this
could very easily be expanded to handle much larger searches.

Oh, the number of enigma wheels could be varied as well.

BTW it took quite a long time to get the decipher process to work,
because every tiny mistake caused such massive errors it was unreal!

I'll use an example to help.
 
3 variables 5,6, and 9
encode "kirk"
75738275
7 enigma wheels, initial setting
0781643592
7013865249
0756318924
7561083492
1756342809
6135487290
1453679028
primes used was 1
perfect number is 
80729831
final digit settings
63007910759
and 315 rotations of the enigma wheels

OK same encoding
but with variables 4,1 and 5
enigma wheel initial settings
6319042578
3691254807
6312498570
3168254709
8745036921
7460395182
6793082514
4 perfect numbers were used
67787
277987
153301
25442009
final digit settings
516142765847153837536
the enigma wheels were rotated 707 times

Have I explained enough or do I need to go deeper?
NB: One nice thing, the length of the encoded text bears no resemblance
to the size of the encoded text, and the fact that different translation
tables would produce an entirely different input series of digits.

Kirk

In article <91ogip$fn6$[EMAIL PROTECTED]>, Simon Johnson
<[EMAIL PROTECTED]> writes
>The main problem with this cipher is that it looks hellishly complex.
>We would like something simpler, so that it can be easily analysed such
>that true security established.
>
>Simon.
>--
>Hi, i'm the signuture virus,
>help me spread by copying me into Signiture File
>
>
>Sent via Deja.com
>http://www.deja.com/

-- 
Kirk Whelan

------------------------------

From: Kirk Whelan <[EMAIL PROTECTED]>
Subject: Re: Possibly another Encryption method - any thoughts ?
Date: Wed, 20 Dec 2000 11:02:06 +0000


Hi Simon, thanks for replying.
I must admit some of the responses were a bit tongue in cheek :-)

No I won't retire, more of a pun really.

I don't really have a lot of time to study cryptanalysis, as I spend most
of my time in other areas. I tend to "write my own" so that I can
understand the area into which I am delving.

At this point in time, I can't see a weakness in the encoding method, due
to the diversity of the input encoding parameters, each of which makes
the decoding more difficult.

I have incidentally designed some very crafty software protection
systems, that knew if they were being attacked by placing "easily" found
machine instructions that a potential hacker would have a "go" at first. If
they got to the 2nd, the 3rd would be flagged and would kick in, at some
point in the future. I thought it was quite clever, but we removed all
such code after the company that I work for stopped the
production/shipping line for a "Gin" distributor, and starved London of
Gin one Xmas. OOPS, won't do that again !!

OK, I have written a fuller explanation in the other reply to this
thread. Would you like to take a look and pass your comments?

Thanks again for your time, replying to me.
Kirk


>Kirk Whelan wrote:
>> 
>> Hi Simon, thanks for replying, let me see if I can answer the points
>> that you have asked/raised.
>> 
>> I have never heard the term
>> >'security through obscurity'
>> until I started to follow this newsgroup, so I am still learning ( not a
>> bad thing :-) )
>[...]
>> >When a system relies on people not knowing how it works for security,
>> >that's called 'security through obscurity'.  It's generally accepted
>> >that it's a bad idea.  Answer the following questions, in detail, to see
>> >why it's bad:
>> >
>> >1.  What will you do if, during the lifetime of your cryptosystem, you
>> >learn that an adversary has found out how your cryptosystem works?
>> In theory, it shouldn't matter if someone did, in fact I will reveal all,
>> because I still think what I propose still has some life left in it, at
>> this stage. But I don't doubt I could be heading for retirement.
>
>There's no need to retire if one cryptosystem gets broken.  What
>cryptographers usually recommend is that those learning cryptography
>learn about cryptanalysis, and do cryptanalysis, before devising their
>own ciphers.  (Well, I must admit that I haven't myself followed that
>recommendation as such, but have spent time analysing mathematically
>similar problems in mathematically similar things.)
>
>> >2.  What will you do if an adversary finds out how it works, but you
>> >never find out that an adversary has found out?
>> Foiled again !!
>> 
>> >3.  What will you do if a once trusted person turns into an adversary?
>> Has happened before and will happen again.
>> >
>> >4.  How will you keep possible adversaries from finding out in the first
>> >place?
>> Don't know how to answer that.
>> >
>> >5.  How will you reduce risks from things that haven't even occurred to
>> >you, me, or anyone else?
>> I wish I could see into the future....
>
>Alas, we humans generally seem to have great difficulty seeing into the
>future.  What we can do is learn from the past and hope it's a good
>guide.  Understanding how and why past, broken ciphers were broken is a
>good example here, as you'll then be in a better position to try to
>avoid such weaknesses in your own ciphers.
>
>[...]
>> So there you have it.
>> I only started this so that I could transfer "root" password across the
>> internet :-)
>
>You've gone to all that trouble to transfer a superuser password
>securely across The Internet?  Why not use existing cryptographic
>software?  What about SSL?
>
>> So no more obscurity.
>
>Not entirely.  Your description was a bit too vague and ambiguous in
>places for me to really follow.  You need to present it more formally,
>and spell out what you mean in detail.
>
>> --
>> Kirk Whelan
>
>Simon
>

-- 
Kirk Whelan

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
