Re: ... challenge?

From: Kai (nospamkai@webmail.co.za)
Date: 03/06/03

• Next message: Seznec Andre: "Post-doc position proposal"
• Previous message: Roberto Gallo: "Re: random numbers generator in hardware"
• In reply to: Douglas A. Gwyn: "Re: ... challenge?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Kai" <nospamkai@webmail.co.za>
Date: Thu, 6 Mar 2003 14:43:44 +0200

thank you,

again I have learnt something

Kai
"Douglas A. Gwyn" <DAGwyn@null.net> wrote in message
news:3E670116.7000609@null.net...
> Kai wrote:
> > what would be required to truly test the effectiveness of an
> > algorythm?
>
> Supposing that you mean, the difficulty an opponent would
> have compromising the secrecy of a system using that as
> an encryption algorithm: There is no way to determine
> that a system is truly secure merely by testing. What is
> necessary is a *theoretical* proof based on the structure
> of the algorithm and the usage and keying protocol, with
> clearly stated, reasonable assumptions (e.g.: availability
> of independent TRGs at both ends of a full-duplex channel).
>
> On the other hand, there is a chance that a weak system
> can be *shown* to be weak through successful cryptanalysis.
> But there is no reliable recipe for cryptanalysis. In fact
> without a large reward (cash and/or prestige) you might not
> even be able to attract any competent cryptanalysts to work
> on your problem. It is always possible that a weak system
> won't be successfully cryptanalyzed, so it is important to
> understand that lack of a crack doesn't imply security.
>
> For a handful of important published systems that have been
> attacked by many competent workers, e.g. DES, one can
> develop an intuitive estimate of the *likelihood* of an
> easy crack being found by an opponent whose capabilities
> are presumed to be no better than those of the published
> workers, which is better than no idea at all of the degree
> of protection, but there is no guarantee that somebody
> won't find a breakthrough technique. It's this relative
> comfort in knowing that many good attackers would have no
> luck that underlies the common recommendation to use a
> well-studied system thought to be sufficiently secure
> instead of inventing one's own system that has not undergone
> adequate scrutiny.
>

---

• Next message: Seznec Andre: "Post-doc position proposal"
• Previous message: Roberto Gallo: "Re: random numbers generator in hardware"
• In reply to: Douglas A. Gwyn: "Re: ... challenge?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)