--- John Hebert <[EMAIL PROTECTED]> wrote: > --- Dustin Puryear <[EMAIL PROTECTED]> wrote: > > At 04:53 PM 6/19/2002 -0500, you wrote: > > > > At 02:09 PM 6/18/2002 -0500, you wrote: > > > > >Just offhand I'd say that didn't sound too bad > > ... if the > > > > security is to > > > > >be any good it *ought* to require a bit of cpu > > time. > > > > Basically it's a > > > > > > > > Why do you think that? > > > > > > > > Regards, Dustin > > > > > >Just a gut feeling Dustin, if it's very easy (i.e. > > quick) to encrypt > > >then it will probably be relativly easy to decrypt > > by a brute force > > >attack. > > > > I disagree, and here is why. Most encryption > > algorithms are based on a > > function, or set of functions, where it is easy to > > determine b given: > > > > f(z) = b > > > > However, the idea is that it should be extremely > > difficult to determine z > > given b. > > > > I'm not saying that some encryption algorithms don't > > have a relatively high > > computational requirement for computing b, but there > > is no reason why that > > would be necessary or, more to the point, desirable. > > > > A good example of this type of function, and > > something heavily used in > > cryptography, is the use of the product of primes. > > One of the fundamental > > laws of mathematics (anyone remember which one? I > > know it has "Fundamental" > > in it somewhere) is that all whole numbers are the > > product of a unique set > > of primes. The trick is that even though everyone > > knows a really large > > whole number is the product of primes, it is > > computationally expensive to > > determine those prime numbers for numbers larger > > than some currently > > defined limit. Basically, it boils down to this. > > > > It takes me half a second to perform the following > > multiplication: > > > > 3 x 3 x 11 = 99 > > > > But it takes me two or three seconds to figure out > > that the component > > primes of 99 are 3, 3, and 11. The difference > > between the computational > > time required to compute the product of primes and > > the time required to > > determine the component primes of a number diverges > > rather quickly. (Quick, > > what are the component primes of 1,034,325?) So.. I > > guess that's my point. > > One computation is *relatively* easy, while the > > other is just plain hard. > > Wait a sec. You are basing your observation on the > time it takes _your_ brain to factor component primes? > :) I know, I know, this was merely an anology. > > But I don't follow your argument. > > First, you say that there is no _necessary_ reason > that encryption/decryption should require lots of CPU > overhead. Then you give an example where computing the > prime factors of a small number takes less computing > power than a large number. Doesn't that example give > more weight to Edward's assumption that better > encryption needs more CPU power? > > Let me make sure I understand what you are saying, > when you say: > > f(z) = b > > I assume b is the message that is secret, and z is the > private encryption key, and f(z) is a PKI kinda > encryption algorithm. Is this true? > > Please make your argument very plain, for I am quite > dense. > > John Hebert >
This is just my humble opinion and based on experience in the military and with corporate espionage - AKA "Marketing Research"... Almost any algorithm must give away a piece of itself in the message at some point. Aside from the methods "they" are working on using the popularly called "spooky action at a distance" there is no very secure, very fast encryption. Remember the old saw? "You can have it good, cheap or fast. Pick any two." Even if you make it very difficult, you can not make it perfect. However, you can make it expensive enough that most people would choose social engineering rather than brute force. Further, with methods available today it would be possible to tell that you had been cracked rather quickly, again, making social engineering a prefered method. It is far easier and cheaper to trick an employee, buy a mole, or simply "tour" a facility than it is to hack the encryption. A summer intern with the ability to wander around and read IDs & passwords off the yellow sticky notes and pick up the printed instructions on how to connect remotely can be bought for beer money. Better to buy a shredder and force strong passwords and expire them quickly than lose too much sleep over the encyption. The trick is to balance good encryption with good internal security policies. Setup some tripwires and a honey pot just so you know when it happens, because if someone wants in, it will happen. ===== Warmest Regards, Doug Riddle http://www.dougriddle.com ## Firearms are second only to the Constitution in importance; they are the Peoples' Liberty Teeth." - George Washington ## __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
