Re: Meganet on Cryptogram again

From: Mxsmanic (mxsmanic_at_hotmail.com)
Date: 09/18/03


Date: Thu, 18 Sep 2003 11:18:41 +0200

Scott Contini writes:

> You CAN discount an algorithm because it has NOT BEEN
> PUBLICLY ANALYZED BY EXPERTS IN THE FIELD.

So all the most important secrets of the USA are being protected by
discountable algorithms? After all, they haven't been publicly analyzed
by experts in the field.

> Unless, of course, you want to be optimistic and HOPE
> that maybe this is the new great thing, even though it hasn't
> proved itself in any way. But quite frankly, if you're
> so optimistic in the first place, then why should you
> think anybody will try to eavesdrop on your data anyway?
> In that case, maybe you do not need any security at
> all!

You're describing a false dilemma. It's not a choice between secure and
insecure, it's a balance between potential loss and the cost of
security. A cryptosystem need only provide enough protection to make
its compromise too expensive in relation to the value of the secrets it
protects. It doesn't have to be unbreakable.

> They are attempting to side-step the analysis process.

What analysis process? Nobody has offered to attack their algorithm,
from what I understand.

> Nobody has posted a PUBLIC attack on their algorithm. That does not
> mean it has not been attacked and broken.

That is true for all algorithms, so it does not work against Meganet's
algorithm in particular.

> You submit your algorithm to the security community to have
> it publicly analysed in order to prevent such huge blunders
> before they happen. Meganet has not done this.

They don't have to, and perhaps they shouldn't. It seems that not
revealing the algorithm is itself sufficient to prevent anyone from
trying to attack it.

Cryptanalysts may be spoiled. Sure, it's nice to have the algorithm in
front of you, but in the real world, adversaries don't provide you with
copies of their cryptosystems in order to facilitate your analyses. And
if you refuse to attack any system for which you don't have all the
manuals, then any undisclosed system is unbreakably secure--security by
obscurity works.

-- 
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.