Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...)

From: Peter Gutmann (pgut001_at_cs.auckland.ac.nz)
Date: 09/07/04

• Next message: Don Dunham: "Encryption of Computer screen typing?"
• Previous message: Tom St Denis: "Re: A basic question about hashing"
• Next in thread: David Wagner: "Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...)"
• Reply: David Wagner: "Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...)"
• Reply: Michael Amling: "Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 7 Sep 2004 04:18:13 GMT

"Patrick J. LoPresti" <patl@users.sourceforge.net> writes:

>For example: Instead of using one of the standard, NSA-recommended
>block cipher modes, the Kerberos designers invented their own
>("Propagating Cipher Block Chaining"). Very clever.

There was nothing else available, they had no choice.

>I seriously doubt that Biham/Shamir/etc. are going to download the
>Linux /dev/random source code and analyze it. So why not restrict
>yourself to algorithms which the experts HAVE analyzed?

Because the necessary algorithms frequently haven't been invented/analysed by
cryptographers. See "The Crypto Gardening Guide and Planting Tips",
http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt, for more:

  There has been a great deal of difficulty experienced in getting research
  performed by cryptographers in the last decade or so (beyond basic
  algorithms such as SHA and AES) applied in practice. The reason for this is
  that cryptographers don't work on things that implementors need because it's
  not cool, and implementors don't use what cryptographers design because it's
  not useful or sufficiently aligned with real-world considerations to be
  practical.

Peter.

---

• Next message: Don Dunham: "Encryption of Computer screen typing?"
• Previous message: Tom St Denis: "Re: A basic question about hashing"
• Next in thread: David Wagner: "Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...)"
• Reply: David Wagner: "Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...)"
• Reply: Michael Amling: "Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: FUD about CGD and GBDE ... it would really be desirable for the cryptographers to come ... specialized conferences for the cryptographers. ... When the Chinese team that cracked a bunch of hash algorithms ... You have not actually studied GBDE yet, ... (freebsd-hackers) Re: FUD about CGD and GBDE ... > I have a better idea: Why don't we get the cryptographers to ... > You have not actually studied GBDE yet, ... >> carefully use standard algorithms in a standard way. ... CBC would be a problem and outer CBC is not -- and yet inner CBC is a ... (freebsd-hackers) Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...) ... Peter Gutmann wrote: ... > algorithms such as SHA and AES) applied in practice. ... > that cryptographers don't work on things that implementors need because it's ... (sci.crypt) Re: Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...) ... David Wagner wrote: ... >> algorithms such as SHA and AES) applied in practice. ... >> that cryptographers don't work on things that implementors need because it's ... (sci.crypt) Re: What is the best way to create and validate an MD5 file fingerprint? ... cryptographers began to recommend using other ... algorithms, such as SHA-1. ... discovered making further use of the algorithm for security purposes ... (microsoft.public.scripting.wsh)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)