Cryptography-Digest Digest #944, Volume #11 Mon, 5 Jun 00 05:13:01 EDT
Contents:
Re: Cipher design a fading field? (Benjamin Goldberg)
Re: Actually this person faxed me an article of the U.S. commercial espionage in
August, 1995 good work Tatu Ylonen ... actually I have tried to provide some
intel in the past ... ([EMAIL PROTECTED])
Re: No-Key Encryption (Mok-Kong Shen)
Re: RSA Algorithm (Mok-Kong Shen)
Re: Cipher design a fading field? (Mok-Kong Shen)
Re: Cipher design a fading field? (Mok-Kong Shen)
Re: Faster than light Cryptanalysis (Mok-Kong Shen)
Re: HTML encryption (Niklas Frykholm)
Re: TC3 Update (Niklas Frykholm)
Re: An interesting page on the Rabin-Miller PP test (Robin Chapman)
Re: XTR independent benchmarks (Wei Dai)
Re: Newcomer seeks clarification re download encryption (David Formosa (aka ? the
Platypus))
Re: HTML encryption (Mark Wooding)
From: Benjamin Goldberg [EMAIL PROTECTED]
Subject: Re: Cipher design a fading field?
Date: Mon, 05 Jun 2000 07:11:46 GMT
Mok-Kong Shen wrote:
John Savard wrote:
"Douglas A. Gwyn" [EMAIL PROTECTED] wrote, in part:
(a) It has not been demonstrated that a group of amateurs can
in fact design a truly "strong" cipher.
I wouldn't want to try decrypting something enciphered using
Blowfish.
But you are right, although what 'has not been demonstrated' is very
nearly inherently impossible to demonstrate.
I think that the question is ill-defined and can't be properly argued.
I agree. It's impossible to show that any cipher is a ''truly "strong"
cipher.'' It is only possible to show that a cipher is weak.
In fact, if an amateur succeeds in designing a strong cipher (we put
aside the issue of 'strong'), then he is thereafter counted as a
professional. Thus the proposition that no amateur has designed a
strong cipher is a sort of tautology.
It isn't *designing* a strong cipher that gets one considered a
professional, it's discovering and publishing a previously-unknown
'break' in an existing well-known cipher.
(b) I wish that the amateurs would quit inventing a plethora
of new encryption schemes until they have figured out how to
defeat the existing ones. This may be relevant to your thesis.
But just because _they_ don't know how to crack the existing ones
doesn't mean...
I don't think that there is any professional who has done the
exercise of cracking all ciphers that exist, before he attains the
status of being professional.
Heh, "all ciphers that exist" ... there are more new ciphers being
invented all of the time, so of course one isn't expected to be able
to break *all* of them to be a professional... Just one or two of the
more well-known ciphers, and to publish those findings.
On the other hand, cryptanalysis knowledge is evidently required for
a good design.
Not necessarily... it's entirely possible that one could create a strong
cipher with a lot of mathematical knowledge, a little bit of luck, and a
little cleverness. Of course, unless you are already considered a
professional -- that is, have broken other people's ciphers, and
published those breaks -- it's less likely that anyone will consider
your cipher seriously.
However, I doubt that cryptanalysis of lots of very old ciphers is
unconditionally advantageous (from an economical point of view) for
would-be designers. For, if too much time is spent on these, one will
never finish to be able to learn the more modern stuff. (I believe
that what wtshaw once expressed as 'climbing the fool's hill' is
related to this issue. BTW, there might be certain people wishing to
sponsor that sport, because that can be fun.)
How many do you consider "lots of," and what ciphers do you consider
"very old?" While breaking every pre-existing cipher isn't necessary
to be a professional, it *is* important to understand how 'classical'
ciphers work, and why they are no longer used, so as not to incorporate
the same problems into your own ciphers.
Will AES be the -final- cipher?
Of course not. It won't even be the final encipherment
scheme that somebody eventually figures out how to crack.
that someone else might not. So, people who want security *now*
might well need something that has a chance of being better than
what exists.
For those who are conservative and believe (whether justified or
not) to be in need of higher security, the way of multiple encryptions
is always open.
--
From: [EMAIL PROTECTED]
Crossposted-To: alt.politics.org.cia,so.culture.nordic,soc.culture.russian
Subject: Re: Actually this person faxed me an article of the U.S. commercial espionage
in August, 1995 good work Tatu Ylonen ... actually I have tried to provide some
intel in the past ...
Date: Mon, 05 Jun 2000 07:18:27 GMT
I'm sorry but