Re: Should be in crypto for John E. Hadstate Re: just stupid?

Crypto_at_S.M.S
Date: 07/19/05


Date: Tue, 19 Jul 2005 11:24:13 +1000

Joe Peschel wrote:
> Crypto@S.M.S wrote in news:11dogfvn45rrv2a@news.supernews.com:
>
>
>>Joe Peschel wrote:
>>
>>
>>>Crypto@S.M.S wrote in news:11dn8dlfkou3i9d@news.supernews.com:
>>>
>>>
>>>
>>>>Joe Peschel wrote:
>>>>
>>>>
>>>>>" \"- Prof. Jonez©\"" <jonez@norcom.ca> wrote in
>>>>>news:VrICe.921$Bl2.9647@news.uswest.net:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Joe Peschel wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>" \"- Prof. Jonez©\"" <jonez@norcom.ca> wrote in
>>>>>>>news:w2HCe.902$Bl2.8853@news.uswest.net:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>crack the CryptoSMS messages "in an hour" ... do it, jackass, or
>>>>>>>>admit the Ashwood claim is absurd.
>>>>>>>>
>>>>>>>
>>>>>>>Joe didn't claim he could crack the three ciphertext messages in
>>>>>>>an hour. Even Crypto@S.M.S knows that.
>>>>>>
>>>>>>So what did "Joe" claim, Joe ?
>>>>>>
>>>>>
>>>>>
>>>>>Joe didn't claim he could crack three ciphertext-only messages.
>>>>>
>>>>>Joe claimed:
>>>>>
>>>>> "...MD5 will be enough to uniquely identify each of
>>>>> these, and MD5 can be effectively reversed under
>>>>> these circumstances in under 1 hour."
>>>>>
>>>>
>>>>He claimed that, but it was an exaggeration.
>>>
>>>
>>>Was it? How do you know?
>>>
>>>
>>>
>>>>The cited article demonstrated that a collision can be found
>>>>in an hour on a supercomputer, not on a personal computer.
>>>
>>>
>>>Which article did he cite?
>>>
>>>The quotation from Joe that I cited said nothing about a personal
>>>computer. Joe also said nothing there about executing the attack.
>>>
>>>Here's the entire graf:
>>>
>>> Certainly. Assuming a common passphrase length
>>> of around 20 characters, and assuming it is
>>> English, this will have 20-30 bits of entropy,
>>> MD5 will be enough to uniquely identify each
>>> of these, and MD5 can be effectively reversed
>>> under these circumstances in under 1 hour.
>>> This will yield the entire original passphrase,
>>> leading immediately to a complete compromise.
>>> So 1 hour.
>>>
>>>
>>>
>>>>If you are such an expert in cryptography,
>>>
>>>
>>>I don't believe I said any such thing. Where and when do you think I
>>>said I was an expert in cryptography?
>>>
>>>
>>>
>>>>>and Crypto@S.M.S. admitted:
>>>>>
>>>>> Yes, hashes are defeated on a scarily dependable basis.
>>>>>
>>>>>J
>>>>>
>>>>>
>>>>
>>>>And that is the reason why CryptoSMS overlaps six of them.
>>>>Also the reason why the six in use today will change to a
>>>>stronger six tomorrow.
>>>>
>>>>Because ciphers and hashes alike are regularly broken, you just can
>>>>not trust your secrets to a single algorithm.
>>>
>>>
>>>There is little reason to think that using overlapping ciphers and
>>>hashes per saltum makes a stronger cipher or hash. Overlapping one
>>>cipher with another may actually weaken the first cipher. Here's an
>>>extreme example. Say we can encrypt with DES and just to make it
>>>stronger we overlap that encryption with SED. Unbeknownst to us, the
>>>SED cipher not only weakens DES, but also fully decrypts it. Granted,
>>>we probably should be checking our ciphertext a bit more closely --
>>>but you see the point, don't you? The overlapping may undo the
>>>secrecy, or at least some of it, provided by the first cipher. So, if
>>>you are going to overlap one cipher with another, you might be better
>>>served to study fully the result of that overlapping encipherment as
>>>if it was a new cipher. Could take plenty of years.
>>>
>>>J
>>>
>>>
>>
>>If that were true, then triple DES would be weaker than DES.
>
>
> No. 3 DES (EDE) uses the same cipher, not a different one, three times.
> Triple DES has been thoroughly studied, too, unlike the combinations you're
> advocating. That's not to say that 3DES couldn't be rendered insecure. Watch
> what happens to 3DES secrecy when you Encrypt-Decrypt-Encrypt using the
> same password.
>
>
>>Further, it would mean that you could attack one cipher by
>>re-encrypting with another cipher, and no such attacks have
>>ever been seen.
>
>
> That's just not true. Look at some classical ciphers.
>
>
>>Joe Ashwood came out in favor of multiple encryption in
>><wXUbe.2094$zu.569@newssvr13.news.prodigy.com>, where he wrote:
>>
>> Actually 3DES was used because it was the most analyzed around,
>> this came as a result of DES. If the key size were the only
>> consideration we would have all switched to IDEA or Blowfish or any
>> of the dozens of other good solutions. The tripling of the rounds
>> that is the result of the process actually serves a very solid
>> purpose, and the change of keys deals with the rest, leaving only
>> those attacks that work on the structure of the new cipher (e.g.
>> the attacks on 3DES work this way). 3DES was created because
>> someone said why not, 3DES remained because it resisted everything
>> anyone threw at it for over 2 decades, this was in large part
>> because of the fundamental structure of the triple encipherment.
>> The only situation where multiple encipherment with the same
>> cipher would not increase security is in the unlikely case that it
>> forms a group, IIRC there is actually a proof that Rijndael does
>> not (Rijndael was named AES but much of the original theory is
>> easier to find regarding Rijndael). The 7 layer encipherment is
>> the next reasonable step in the process.
>>
>>If triple encryption weakens a cipher, then septuple encryption must
>>really hurt.
>
>
> Joe was talking about DES and 3DES. See my comments on 3DES above.
>
>
>>Multiple encryption has been discussed at length in this newsgroup,
>>and many well known and recognised experts have come out in favor of
>>that approach. For example:
>>
>>http://www.ciphersbyritter.com/GLOSSARY.HTM#MultipleEncryption
>
>
> Even Ritter admits that adding a second cipher could weaken the first
> cipher.
>

No he doesn't.

http://www.ciphersbyritter.com/NEWS6/KNOWNPLN.HTM

>
>
>>Which begins with a quote from Shannon
>>
>> I have long proposed using a multiciphering "stack" of ciphers,
>> instead of just one which could be weak beyond our knowledge. I
>> have long proposed using multiple ciphers instead of just one, to
>> end any "break" which might exist.
>>
>
>
> That's not a quote from Shannon. It's a quote from Ritter.
>
>
> J
>
>
>

Are you sure? Have you looked closely at pages 656-715 of the 1949
Bell System Technical Journal?
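
The two cases argued over in the thread, Encrypt-Decrypt-Encrypt under one repeated key and a stack of layers whose keys form a group, shown as an added example that is not part of the original post. The 32-bit Feistel cipher and the byte-shift cipher are constructed toys standing in for DES and a classical cipher, and every function name here is illustrative.

```python
import hashlib

ROUNDS = 8  # constructed toy parameter; this is not DES

def _f(key: bytes, rnd: int, half: int) -> int:
    """Round function: 16 bits derived from key, round index and half-block."""
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")

def feistel_encrypt(key: bytes, block: int) -> int:
    """Encrypt one 32-bit block with a toy Feistel network."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 16) | right

def feistel_decrypt(key: bytes, block: int) -> int:
    """Invert feistel_encrypt by running the rounds backwards."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 16) | right

def ede(k1: bytes, k2: bytes, k3: bytes, block: int) -> int:
    """Encrypt-Decrypt-Encrypt, the construction triple DES uses."""
    return feistel_encrypt(k3, feistel_decrypt(k2, feistel_encrypt(k1, block)))

def ede_equals_single(k1, k2, k3, single_key, blocks) -> bool:
    """True if EDE maps every sample block exactly as one encryption would."""
    return all(ede(k1, k2, k3, b) == feistel_encrypt(single_key, b) for b in blocks)

def shift_encrypt(key: int, data: bytes) -> bytes:
    """Classical shift cipher over bytes; its keys form a group under addition."""
    return bytes((b + key) % 256 for b in data)

def cascade_shift(keys, data: bytes) -> bytes:
    """Apply one shift layer per key, in order."""
    for key in keys:
        data = shift_encrypt(key, data)
    return data

if __name__ == "__main__":
    blocks = [0x00000000, 0xDEADBEEF, 0x01234567, 0xFFFFFFFF]  # constructed samples
    same = b"one password"
    print("EDE, same key == single E:", ede_equals_single(same, same, same, same, blocks))
    print("EDE, 3 keys   == single E:", ede_equals_single(b"k1", b"k2", b"k3", b"k1", blocks))
    msg = b"sample plaintext"  # constructed sample plaintext
    print("3 shift layers == 1 layer:", cascade_shift([37, 200, 91], msg) == shift_encrypt(72, msg))
    print("inverse layer output:", cascade_shift([37, 219], msg))
```

With one key repeated, the decrypt step cancels the first encrypt and EDE is a single encryption; in the shift cipher any stack of layers equals one layer, and a second key of 219 after 37 returns the plaintext.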


