Re: Needle in a haystack--or is this just stupid?
From: Unruh (unruh-spam_at_physics.ubc.ca)
Date: 27 Jun 2005 19:06:30 GMT
"John E. Hadstate" <email@example.com> writes:
><Crypto@S.M.S> wrote in message
>> The underlying layers are protecting against the most
>> failure: a new algorithm which makes your hashing or
>> algorithm less than secure.
>If you don't have complete faith in a particular algorithm,
>why are you using it at all? If you do, why bother with
>"layering?" An attacker is not going to peel off layers;
>he's going to attack the whole concoction.
Because complete faith is unavailabe. Thus one needs to use something in
the fact of incomplete faith.
>There's no real reason to think that your "layered" cipher
>is more difficult to attack by treating it as a black box
>and ignoring the layering altogether. (Read on.)
I assume that you are playing with the meaning of "real". Two cyphers
cascaded with different keys are almost certainly "stronger" than single
ones. Almost everyone has faith that 3DES is substantially stronger than
DES, even if it is just a cascading with different keys.
>> Please read
>> this link, as it makes the point very clearly about
>> yet to be discovered attacks:
>I have read most, if not all, of Terry's web pages. I agree
>with most of his conclusions, am fascinated by some of them,
>and am utterly baffled by a tiny fraction of them. Terry
>is, so far as I know, a successful crypto engineer who tends
>to do things his own way. I won't fault his approach.
>It makes no sense to me that we should conclude that the
>composition of two ciphers is "more secure" than either
>cipher alone when we can't agree on how to quantify what we
>mean by "secure". We can't prove that any unbroken cipher
>is "secure", so how can we prove that the composition of two
>such ciphers is "more secure". It's not reasonable, and
>it's not even common sense.
Prove and have confidence are not the same thing. No I cannot prove that
3DES is any stronger than Ceasar. But the absense of any way of breaking
3DES despite may years of trying gives me confidence in it, so that I would
much rather use it than Ceasar, even if I have no proof.