Re: My my, how time flies ...... it's been about "1 hour" -- anyone cracked CryptoSMS yet?
From: Xcott Craver (caj_at_B-r-a-i-n-H-z.com)
Date: 09/06/05
- Next message: David Wagner: "Re: Odd behavior of CryptoSMS; was: Re: My my, how time flies ...... it's been about "1 hour""
- Previous message: William L. Bahn: "Re: Need help solving a puzzle. Please."
- Maybe in reply to: Mark Nudelman: "Re: My my, how time flies ...... it's been about "1 hour" -- anyone cracked CryptoSMS yet?"
- Next in thread: Xcott Craver: "Re: My my, how time flies ...... it's been about "1 hour" -- anyone cracked CryptoSMS yet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 06 Sep 2005 06:45:10 GMT
\"- Prof. Jonez©\" <!> wrote:
>
>What makes you think any attacker would have the source code
>of any given encryption program to work with?
I think you misunderstand: even if it is unlikely for an adversary to
get the source, you should design and test the system under those
conditions. The system should be secure even if the source is divulged.
The reason for this is that the security of your system should rest
on quantifiable aspects, for example the size of your keyspace.
You cannot easily quantify the difficulty of obtaining the source.
Likewise, you cannot easily quanitfy the difficulty of finding a
hidden Post-It note with your key. We know how many 128-bit keys there
are; how many distinct hiding places are there in my office? How can
you choose a random hiding place uniformly? What is the entropy of my
desk?
What we call "obscurity tactics" amount to relying on secrets whose
secrecy is difficult to model quantitatively. Since you cannot rely
on those secrets when assessing a system's security, you should
assume they are known.
This is perhaps the most common misconception about Kerckhoffs's
Criterion: it is not meant to be a prediction about the adversary,
rather it is a design principle. People mistakenly think it is an
overly pessimistic and unrealistic assumption, and then foolishly
decide that they can ignore it.
Imagine if that logic was used to design an elevator. "This says
we need at least 2000 lbs capacity. That'll never happen!"
--S
--
"A holiday fixes up your brains.
It's like being swallowed by a wolf then punching his guts from the inside."
--Shelly Winters
- Next message: David Wagner: "Re: Odd behavior of CryptoSMS; was: Re: My my, how time flies ...... it's been about "1 hour""
- Previous message: William L. Bahn: "Re: Need help solving a puzzle. Please."
- Maybe in reply to: Mark Nudelman: "Re: My my, how time flies ...... it's been about "1 hour" -- anyone cracked CryptoSMS yet?"
- Next in thread: Xcott Craver: "Re: My my, how time flies ...... it's been about "1 hour" -- anyone cracked CryptoSMS yet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
