Re: Should be in crypto for John E. Hadstate Re: just stupid?

From: Terry Ritter (ritter_at_ciphersbyritter.com)
Date: 08/09/05


Date: 8 Aug 2005 21:53:35 -0700

BRG wrote:
> Terry Ritter wrote:
>
> >>My main argument is that the added protocol complexity of using multiple
> >>ciphers carries a potential security cost that has to be weighed against
> >>the potential security advantage that multiple ciphers can offer.
> >
> > While "added protocol complexity" might be an
> > argument against selecting from a wide range of
> > ciphers, as I advocate, it has little to do
> > with Multiple Encryption. One could pre-select
> > which ciphers were to be used, in which case
> > there would be no selection protocol. But
> > there would be added redundancy.
>
> Ok, call it extra implementation complexity if you wish.
>
> > Moreover, the idea that Multiple Encryption
> > is no advantage contains the assumption that
> > the alternative single cipher is secure. But
> > that is not known. Cryptanalysis does not
> > tell us that. So there is and can be no value
> > to "weigh against." Implying otherwise is not
> > an argument, it is belief. It is wishes and
> > hopes, and if that were sufficient, we would
> > not need cryptography at all.
>
> Who said that multiple encryption carries no advantge?
>
> >>And in my experience the balance of advantage for common applications
> >>lies with the simpler single algorithm approach.
> >
> > Of course, unless you are an opponent, you
> > could not know about "the balance of advantage."
>
> The extent to which I can have confidence in my assessment of the
> balance of advantge does indeed depend on how much I know about the
> capabilities of the opponent.
>
> In most _common_ situations I will know enough about their capability to
> make a high confidence assessment of this (albeit not a perfect one).

In that case we will have to agree to disagree.

I think it is absolutely obvious that *nobody*
*could* have that information.

I think it obvious that having "confidence" in
any particular strength "assessment" is at best
delusion.

We do not know the weaknesses of the ciphers
we use because cryptanalysis does not tell us.
We do not know even what our guys can do, let
alone each of the various other guy
possibilities.

> Brian Gladman

---
Terry Ritter   1.3MB Crypto Glossary
http://www.ciphersbyritter.com/GLOSSARY.HTM