Re: Meganet on Cryptogram again
From: Scott Contini (contini_at_matmail.com)
Date: 09/18/03
- Next message: foo: "Re: CryptAnalysysts Stuff: Please try to decrypt the message."
- Previous message: John E. Hadstate: "Re: Meganet on Cryptogram again"
- In reply to: Mxsmanic: "Re: Meganet on Cryptogram again"
- Next in thread: Mxsmanic: "Re: Meganet on Cryptogram again"
- Reply: Mxsmanic: "Re: Meganet on Cryptogram again"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 17 Sep 2003 19:31:20 -0700
Mxsmanic <mxsmanic@hotmail.com> wrote in message news:<t2mhmvom61thm7aic03466tie1qjo9l0m8@4ax.com>...
> David Wagner writes:
>
> > Your claims don't follow. Just because no academic bothers
> > to break the Meganet algorithm, doesn't mean that adversaries who
> > really care haven't broken it. If the bad guys break the Meganet
> > scheme, they're not likely to tell us!
>
> My point is that you cannot discount an algorithm just because someone
> claims it is insecure. That's exactly what an adversary would claim
> about a secure algorithm, if he wished to discourage its use. Unless
> the adversary publishes a successful attack on the algorithm, you cannot
> trust what he says.
>
You CAN discount an algorithm because it has NOT BEEN PUBLICALLY ANALYZED
BY EXPERTS IN THE FIELD. Unless, of course, you want to be optimistic
and HOPE that maybe this is the new great thing, even though it hasn't
proved itself in anyway. But quite frankly, if you're so optimistic in
the first place, then why should you think anybody will try to eavesdrop
on your data anyway? In that case, maybe you do not need any security at
all!
To do security right, you have to be pessimistic. Never trust an algorithm
until you and others with expertise have put considerable effort into
trying to disprove it, and have failed, and you have reason to believe that
the security claims are well justified. None of this has happened with
Meganet. They are attempting to side-step the analysis process. They
know very little about security, and such people have a terrible track
record for building security systems. If you want to trust the security
of your data with Meganet, then go ahead. But if that is the case, I
would believe that you either don't have valuable data, or else you are
making a very unwise decision.
> > It is irresponsibly risky to use unevaluated algorithms
> > (like Meganet's stuff) when evaluated algorithms (like AES) are
> > available.
>
> It's the user's choice. I personally see no reason to use Meganet's
> software, and their claims do not impress me, but it appears that nobody
> has successfully attacked their algorithm, and until someone does, ex
> cathedra pronouncements that it is unsound are mere conjecture.
Nobody has posted a PUBLIC attack on their algorithm. That does not
mean it has not been attacked and broken. You submit your algorithm
to the security community to have it publically analysed in order to
prevent such huge blunders before they happen. Meganet has not done
this.
Scott
- Next message: foo: "Re: CryptAnalysysts Stuff: Please try to decrypt the message."
- Previous message: John E. Hadstate: "Re: Meganet on Cryptogram again"
- In reply to: Mxsmanic: "Re: Meganet on Cryptogram again"
- Next in thread: Mxsmanic: "Re: Meganet on Cryptogram again"
- Reply: Mxsmanic: "Re: Meganet on Cryptogram again"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
