> ----------
> From: Anonymous[SMTP:[EMAIL PROTECTED]]
> Peter Trei wrote....
> >is easy to throw around, but where's the evidence?
>
> Your whole post is an act of faith (what can and cannot be brute forced
> or cryptanalyzed), and then you ask for evidence?
>
> Or maybe I am unaware of NSA's practice to publish their achievements
> in NYT, and use distributed.net clone for cracking?
>
> The point of a cypher is to be secure. Ability to encrypt OC192 is not
> a substitute.
>
> I cannot provide evidence that brick without support falls to the ground,
> but I have seen enough bricks behave this way in the past to make a bet.
>
> Evidence: do you know how many *decades* it took the Germans to find out that
> the Allies broke Enigma - and then they had a hard time believing it. But you
> must be so much genetically superior and more intelligent than the Germans, so
> that this cannot happen to you? For similar examples do some reading
> yourself.
>
> If Feistel nets continue to be (publicly) unbroken for the next several
> decades, that will be a unique event in crypto history.
>
> But if you provide me *one* example of mainstream experts correctly
> evaluating contemporary in-use ciphers in the last 500 years (hint: all
> broken except OTP), I will concede benevolence of 3-letter agencies.
>
I was responding to "No User"'s claim that NSA's publication of hardware
speed ratings of the AES candidates was somehow going to spike the
AES selection process. The point is, none of the candidates came from,
or have been modified by, the NSA. Even imputing the worst possible
motives to the NSA, the most they could do is try to shift the selection
to one candidate or another. This vastly weakens their ability to
subvert the AES.
"No User" called for an unspecified 'new paradigm' for encryption, and in
particular seemed suspicious of Feistel nets. Well, what is this
'new paradigm'? Are you just trying to command one into existence
by a process of vigorous assertion?
There's a tension between working with a system which has been
extensively tested and beaten upon, and is well understood by many
experts in the field, versus using one which incorporates the latest
ideas, but which has received little scrutiny. The former may have
known, well quantified weaknesses (e.g., brute-force on DES), but the
latter may turn out to be fragile on further examination. There's a
reason why triple DES is regarded as the conservative choice
for security.
As for 'mainstream experts correctly evaluating contemporary
in-use ciphers', if you knew the field you'd know that you need
look no further than DES. Whit Diffie (see his foreword to 'Cracking
DES') was speculating about bruting DES from *before* the day it
was published in 1975. Read Wiener's 1993 paper on building a
DES cracker.
No knowledgeable 'mainstream expert' ever claimed that DES
could not be brute-forced, from the day it was published.
Peter Trei
(usual disclaimers)
Peter Trei
[EMAIL PROTECTED]
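The thread refers to Feistel nets, triple DES and brute-forcing a 56-bit key without showing what the structure looks like. The following is an added illustration, not code from either poster and not DES itself: a toy Feistel network (assumed 64-bit block, 16 rounds, a hash-based round function and key schedule chosen purely for brevity), the encrypt-decrypt-encrypt (EDE) triple construction layered on top of it, and the expected-trials count for exhaustive key search that the DES discussion turns on. The point it demonstrates is structural: decryption is the same Feistel loop run with the subkeys in reverse order, and EDE with three equal keys collapses to a single encryption, which is why a triple construction can sit on an existing cipher without changing its analysis.

```python
"""Toy Feistel cipher plus EDE triple-encryption wrapper (constructed example).

Everything here is illustrative: the round function and key schedule are
hash-based stand-ins, not a real cipher design, and no security is claimed.
"""
import hashlib

BLOCK_BYTES = 8   # 64-bit block, the same width as DES (assumption for the toy)
HALF = BLOCK_BYTES // 2
ROUNDS = 16       # DES also uses 16 rounds


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_function(half: bytes, subkey: bytes) -> bytes:
    """Feistel F: need not be invertible, so a truncated hash is fine here."""
    return hashlib.sha256(half + subkey).digest()[:HALF]


def key_schedule(key: bytes) -> list:
    """Derive one subkey per round (toy schedule, not the DES one)."""
    return [hashlib.sha256(key + bytes([r])).digest()[:HALF] for r in range(ROUNDS)]


def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the Feistel rounds; the caller chooses key order (forward/reverse)."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly %d bytes" % BLOCK_BYTES)
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        # L_{i+1} = R_i ; R_{i+1} = L_i XOR F(R_i, k_i)
        left, right = right, _xor(left, round_function(right, k))
    # Undo the final swap so the same loop inverts itself with reversed keys.
    return right + left


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same structure, subkeys applied in reverse order.
    return feistel(block, key_schedule(key)[::-1])


def ede_encrypt(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """Encrypt-Decrypt-Encrypt, the layering used by triple DES."""
    return encrypt_block(decrypt_block(encrypt_block(block, k1), k2), k3)


def ede_decrypt(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    return decrypt_block(encrypt_block(decrypt_block(block, k3), k2), k1)


def expected_trials(key_bits: int) -> int:
    """Average number of keys tried by exhaustive search (half the key space)."""
    return 2 ** (key_bits - 1)


if __name__ == "__main__":
    # Constructed sample values.
    plaintext = b"8bytes!!"
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"
    ct = encrypt_block(plaintext, k1)
    print("single:", ct.hex(), decrypt_block(ct, k1) == plaintext)
    ct3 = ede_encrypt(plaintext, k1, k2, k3)
    print("ede:   ", ct3.hex(), ede_decrypt(ct3, k1, k2, k3) == plaintext)
    print("EDE with one key equals single encryption:",
          ede_encrypt(plaintext, k1, k1, k1) == ct)
    print("expected trials, 56-bit key: 2^55 =", expected_trials(56))
```

The `ede_encrypt(block, k, k, k) == encrypt_block(block, k)` property is the one to notice: the middle decryption cancels the first encryption, which is exactly why a triple construction could be deployed as a drop-in on top of the already-scrutinised single cipher, matching the "conservative choice" argument above.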