Re: NSA and crypto
- From: "David A. Scott" <daVvid_a_scott@xxxxxxxxx>
- Date: Sat, 20 May 2006 00:21:59 +0000 (UTC)
"Ed Weir \(ComCast\)" <Anon@xxxxxxxx> wrote in
news:gM2dnZeHhcQux_PZRVn-hA@xxxxxxxxxxx:
I have neither the time or the inclination to devise any tests for
your software; this is always the responsibility of the author, to
provide data from unit tests and from independent testing along with
criteria, data controls and results. In all this time, has anything
been done to provide this? If not, how can any serious consideration
ever be expected? -- Ed.
Well the test have been done. If you still think gzip is better to use
then dream on. You really need a bijective compress so that no information
is added to the file. You would be much better off using BICOM than
gzip with AES.
I see you are aruging with little Tommy much has not changed he has
no concept of entropy or Unicity Distance. It is strange he seems
to think if the file is compressed and has same amount of entropy
as a long uncompressed file that it may be easier to break the shorter
file that has a higher entropy density. However he does have a point he
just does not see it. The gzip file with AES may be easier to break
than AES alone since the gzip carries with it a signature that is its
not bijective even if you carefully remove all the headers.
Let me give a simple example that you and Tommy could both understand.
Say you have a file of very high entropy in fact lets say that whatever
tests you run on it. It seems to be random. Encrypt this with AES using
little Tommys favority chaining method. Any key you test leads to
a file that could be encrypted to the same file. So this file was
as safe as possible every key goes to a possible valid file.
Know lets take this file and do gzip remove what you think the headers are
the file may look random to your eyes. then encrypt it. Know try to decrypt
with wrong key. You will likely end up with a file that even if you add the
throwen away headers. It will either not compress or if it does decompress
when you recompress it will not match the starting file just before you did
the decompression. This means that the key he tested can be rejected since
you foolishly did the gzip. So in fact little Tommy might be right based
in information in the file that was added when the gzip occured.
Don't feel to bad this is overlooked by just about everyone doing
compression and then encryption. I wonder why is this is there
some dark force forcing people to weaken there crypto you tell me.
David A. Scott
--
My Crypto code
http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptograhic
system is only as strong as its weakest link"
.
- Follow-Ups:
- Re: NSA and crypto
- From: tomstdenis
- Re: NSA and crypto
- From: Ed Weir \(ComCast\)
- Re: NSA and crypto
- References:
- NSA and crypto
- From: David A. Scott
- Re: NSA and crypto
- From: David Wagner
- Re: NSA and crypto
- From: David A. Scott
- Re: NSA and crypto
- From: David Wagner
- Re: NSA and crypto
- From: Ed Weir \(ComCast\)
- Re: NSA and crypto
- From: David A. Scott
- Re: NSA and crypto
- From: Ed Weir \(ComCast\)
- NSA and crypto
- Prev by Date: Re: NSA and crypto
- Next by Date: Re: NSA and crypto
- Previous by thread: Re: NSA and crypto
- Next by thread: Re: NSA and crypto
- Index(es):
Relevant Pages
|
