Re: TFM + RSA + Dual Core :-)

From: Tom St Denis (
Date: 08/07/05

Date: 6 Aug 2005 18:20:10 -0700

Crypto@S.M.S wrote:
> > Yeah, because I accomplish POSITIVE things. I have way more users of
> > my PUBLIC DOMAIN and totally FREE software/tools/documentation than you
> > have of your multi-ciphering annoyance. So every so often when I come
> > up with a result I feel like sharing I'd like to either be totally
> > ignored or have my 5 seconds of fame.
> >
> And how do you know that?
> Once again, you blow your own horn too loudly.

Well since you've already pre-determined the path of most ignorance
there isn't much point in discussing. I'm not saying anything one way
or the other anymore just to let you know that I'm not replying to
further communication from you on this matter.

> > And of course I could point out that the other guys comments are both
> > unsubstantiated AND off topic. The topic of this thread is using "off
> > the shelf" components and in particular SMP to accomplish fast RSA.
> Sure point it out. My comment wasn't on topic for this thread either,
> like that matters even a tiny little bit.

There are ways to inject off-topic material that uses a bit more tact.
What he started replying with wasn't off-the-cuff rude. It was just
inappropriate for the thread.

> > Using a setup that has a higher cost can get more performance? No way!
> > Shocker! If I had 30k I could license one of the designs I work on at
> > my work and get way higher performance. So I don't see what his
> > comments have to do with ANYTHING other than to detract from the
> > thread.
> >
> > How's that for a reply?
> >
> Wonderful. Just please stop trying to make others feel that they
> are not "good enough", when you complain about exactly the same thing:
> So I could really do without the people like Robert and Tim [and a
> few people on lkml] telling me to shelve my projects because I'm not
> "good enough".

You keep quoting that. I don't think you fully understand the context.

And frankly, your "contributions" here aren't really that significant.
You're clearly a student [or amateur cryptographer] which as I've said
repeatedly is not a bad thing. I admire students who pursue knowledge
in all walks of life. To me there is nothing more pure and innocent
than figuring out new information and trying to use it for some good
[e.g. helping others].

What you've maintained here though is not innocent nor productive.
You use entirely heuristic and anecdotal evidence in the place of
historical and factual information and truths then pretend you're being
persecuted when things don't go your way.

I don't disagree with you because you're "cryptosms guy". I don't
disagree with you on any sort of personal level. I disagree with you
because your approach to cryptography leaves a lot to be desired. It's
just plain wrong and it's not how others should be approaching it.

Think about it. If an entire generation of kids grows up with this ad
hoc alchemist arrogant approach to cryptography we'll basically come to
a standstill of all advancement in under 30 years.

So you question why we [real cryptographers] get a bit defensive? It's
because we don't want to see shit products out there and generations of
kids growing up thinking the path of least resistance in all endeavours
is the right way.

Cryptography is hard and rightly so. You can either do it the right
way and not presume that the solution is right in hand or you can do it
the wrong way and assume that your approach is infallible [or at least
the most efficient and well studied].

I'd respect you more if you [say] took AES and added 4 rounds to it [or
just used anubis for instance]. At least then you can say "yes, this
guy gets it". At least something like that you can say "he's using the
structure of the design and adding more robustness" [*]. But just
concatenating ciphers that aren't [seemingly] related is not a
scientific approach in the slightest.

To answer Regis's repeated calls for "truth" on the Differential
front... The basic attack described in 1990 is the foundation for over
a dozen broken ciphers. Sure the "exact same differentials" were not
used but I'll let you in on a secret, not all ciphers are broken using
the same iterative differential. Occasionally you strap different
differential characteristics [or just plain differentials] to get
through the entire design [iirc the Boomerang attack is a form of
this]. Regis would know this had he picked up a paper or two on the
subject and read it.

Instead people like him and you decide that you can just openly
question and mock people when they're not telling you how smart and
brilliant you are.

The "next big attack" could just as easily be applicable to AES as it
is to Blowfish. You just don't know. To argue in favour of the
negative while defending the "you don't know" logic as others have
maintained is plain stupid.

[*] AES has a well described 4R pattern so adding multiples of 4 to the
round count makes sense.
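The point in the post about differentials being chained through a design, rather than one fixed differential breaking every cipher, is easiest to see on a small example. What follows is an added illustration, not code from the post or from any of the tools mentioned in the thread. It builds the difference distribution table (DDT) of a real 4-bit S-box (the one from the PRESENT block cipher, chosen only because it is small and well known) and then runs a hypothetical two-round toy cipher, round i being S(state ^ k_i) with independent uniform round keys, to show the difference between one characteristic (a fixed difference after every round, probability = product of the per-round DDT entries) and the differential (the same input and output differences with every intermediate difference summed). The function names and the toy cipher are assumptions made for the example.

```python
from fractions import Fraction
from itertools import product

# 4-bit S-box of the PRESENT block cipher, used here purely as a small,
# real example; any bijective 4-bit S-box would do.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def ddt(sbox):
    """Difference distribution table: ddt[a][b] is the number of inputs x with
    S(x) ^ S(x ^ a) == b.  Divide by 16 for the one-round probability."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for x in range(n):
        for a in range(n):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def best_one_round(sbox):
    """Most likely non-trivial one-round differential (a -> b) and its count."""
    table = ddt(sbox)
    n = len(sbox)
    a, b = max(((a, b) for a in range(1, n) for b in range(n)),
               key=lambda ab: table[ab[0]][ab[1]])
    return a, b, table[a][b]


def characteristic_probability(sbox, path):
    """Probability of one characteristic, i.e. a fixed difference after every
    round, e.g. path [1, 3, 6] means 1 -> 3 in round 1 and 3 -> 6 in round 2.
    The product is exact for the hypothetical toy cipher (round i computes
    S(state ^ k_i)) because each round key is uniform and independent."""
    table = ddt(sbox)
    n = len(sbox)
    p = Fraction(1)
    for a, b in zip(path, path[1:]):
        p *= Fraction(table[a][b], n)
    return p


def two_round_differential_probability(sbox, a, c):
    """Probability that input difference a becomes output difference c after
    two rounds, summed over every intermediate difference b.  This is the
    differential; each summand is one characteristic."""
    table = ddt(sbox)
    n = len(sbox)
    return sum(Fraction(table[a][b] * table[b][c], n * n) for b in range(n))


def exhaustive_two_round_probability(sbox, a, c):
    """Brute-force cross-check over every plaintext and both round keys of the
    toy cipher, confirming the DDT arithmetic above."""
    n = len(sbox)
    hits = 0
    for x, k1, k2 in product(range(n), repeat=3):
        y0 = sbox[sbox[x ^ k1] ^ k2]
        y1 = sbox[sbox[x ^ a ^ k1] ^ k2]
        hits += (y0 ^ y1 == c)
    return Fraction(hits, n ** 3)


if __name__ == "__main__":
    table = ddt(SBOX)
    print("largest one-round count for a nonzero input difference:",
          max(table[a][b] for a in range(1, 16) for b in range(16)))
    print("characteristic 1 -> 3 -> 6:",
          characteristic_probability(SBOX, [1, 3, 6]))
    print("differential 1 -> 6 over two rounds:",
          two_round_differential_probability(SBOX, 1, 6))
    print("exhaustive check:", exhaustive_two_round_probability(SBOX, 1, 6))
```

For this S-box the single characteristic 1 -> 3 -> 6 has probability 1/16, but the two-round differential 1 -> 6 has probability 1/8, because the characteristics 1 -> 9 -> 6 and 1 -> 7 -> 6 (1/32 each) land on the same output difference. That is the "strapping different characteristics together" from the post in its simplest form: an attacker counts pairs by the output difference, so every characteristic with the same endpoints adds to the count. The exhaustive function is there so the DDT arithmetic can be checked rather than trusted.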