Re: Question about bit strength




"Johnny Bravo" <baawa_knight@xxxxxxxxx> wrote in message
news:gjseg2hgl3m0lbuf8il8h61dr5kft5b6ht@xxxxxxxxxx
On Wed, 13 Sep 2006 10:40:53 +1000, "Antony Clements"
<antony.clements@xxxxxxxxxxxxxxx> wrote:

Hi, I'm a software developer; for the last few years I have
been toying around with a hybrid block cypher. I have two
implementations of the algorithms I have produced, both work
flawlessly to encrypt/decrypt content, but I am still unsure
as to the bit strength of these algorithms. I have had
answers ranging from 64-bit through to 512-bit and beyond
depending on who I have asked to bit test them. All keys
used have elements derived by a P.R.N.G. and the plain text
is padded so that the cypher text is easier to produce,
after which the padding is removed and the cypher text
written to a file so there is no increase in size as with
other methods. Each algorithm is capable of
encrypting/decrypting strings well in excess of
18446744073709551615 characters with the ability to encrypt
a folder containing 13 files totalling 227KB in 15-20
seconds. I was wondering if anyone with the knowledge to bit
test my algorithms could please do so.

The strength of a properly implemented secure
algorithm is based entirely on the size of the keyspace

Doesn't blocksize have something to do with it?

and has nothing at all to do with how much data it can
handle or how fast it can handle it.

Cryptography is a process of reversibly transforming data
from one (possibly dynamic) encoding to another based on a
parameter, "the key". Security depends on the degree of
difficulty of reversing the transformation without "the
key". Doesn't it seem plausible that the degree of
difficulty of reversing the transformation may depend
somewhat on its complexity, which may in turn determine how
fast it can process data?

On the other hand, perhaps the OP was saying, "Look how SLOW
my algorithm is; it must be very complex, therefore very
secure." There was a long thread in sci.crypt several years
ago that probed various features of this concept. In
general, the goal is to maximize security and speed at the
same time.

It's [the OP's question] equivalent to asking "I built
a red car, can anyone tell me how fast it will go?"

No argument here.


Without professional cryptanalysis of your algorithms
you can't be sure your hybrids have any security at
all, no matter how large the keyspace is; even then
that's not a guarantee but it's a lot better than no
analysis at all.

Professional peer review has no bearing on the security of
the cipher--the security is what it is. Cryptanalysis can
expose exploitable weaknesses in a cipher in the same way
that peer review can expose problems in anything, but that's
about all you can expect.

