Re: Question about bit strength




"Johnny Bravo" <baawa_knight@xxxxxxxxx> wrote in message
news:gjseg2hgl3m0lbuf8il8h61dr5kft5b6ht@xxxxxxxxxx
On Wed, 13 Sep 2006 10:40:53 +1000, "Antony Clements"
<antony.clements@xxxxxxxxxxxxxxx> wrote:

Hi i'm a software delveoper, for the last few years i have
been toying
around with a hybrid block cypher. I have two
implementations of the
algorithms i have produced, both work flawlessly to
encrypt/decrypt content,
but I am still unsure as to the bit strength of these
algorithms. I have had
answers ranging from 64-bit through to 512-bit and beyond
depending on who i
have asked to bit test them. All Keys used have elements
derived by a
P.R.N.G. and the plain text is padded so that the cypher
text is easier to
produce, after which the padding is removed and the cypher
text written to a
file so there is no increase in size as with other
methods. Each algorithm
is capable of encrypting/decrypting strings well in excess
of
18446744073709551615 characters with the ability to
encrypt a folder
containing 13 files totalling 227KB in 15-20 seconds. I
was wondering if
anyone with the knowledge to bit test my algorithms could
please do so.

The strength of a properly implemented secure
algorithm is based entirely on the size of the keyspace

Doesn't blocksize have something to do with it?

and has nothing at all
to do with how much data it can
handle or how fast it can handle it.

Cryptography is a process of reversibly transforming data
from one (possibly dynamic) encoding to another based on a
parameter, "the key". Security depends on the degree of
difficulty of reversing the transformation without "the
key". Doesn't it seem plausible that the degree of
difficulty of reversing the transformation may depend
somewhat on its complexity, which may in turn determine how
fast it can process data?

On the other hand, perhaps the OP was saying, "Look how SLOW
my algorithm is; it must be very complex, therefore very
secure." There was a long thread in sci.crypt several years
ago that probed various features of this concept. In
general, the goal is to maximize security and speed at the
same time.

It's [the OP's question] equivalent to asking "I built
a red car, can anyone tell me how fast it will go?"

No argument here.


Without professional cryptanalysis of your algorithms
you can't be sure your hybrids have any security at
all, no matter how large the keyspace is; even then
that's not a guarantee but it's a lot better than no
analysis at all.

Professional peer review has no bearing on the security of
the cipher--the security is what it is. Cryptanalysis can
expose exploitable weaknesses in a cipher in the same way
that peer review can expose problems in anything, but that's
about all you can expect.


.



Relevant Pages

  • Re: Q: Kerchhoffs principle
    ... security is not affected by publication. ... publish our algorithms so that others can catch our mistakes, ... will be at least as secure as the first cipher used. ... cypher A as DES, and cypher B as DES inverse. ...
    (sci.crypt)
  • [REVS] Data Tastes Better Seasoned: Introducing the ASH Family of Hashing Algorithms
    ... Get your security news from a reliable source. ... The ASH family of algorithms provides modifications to the existing SHA-2 ... is designed to treat the actual hash function as a black-box that can ...
    (Securiteam)
  • Re: Question about bit strength
    ... I have two implementations of the algorithms i have produced, both work flawlessly to encrypt/decrypt content, but I am still unsure as to the bit strength of these algorithms. ... and the plain text is padded so that the cypher text is easier to produce, after which the padding is removed and the cypher text written to a file so there is no increase in size as with other methods. ... Each algorithm is capable of encrypting/decrypting strings well in excess of 18446744073709551615 characters with the ability to encrypt a folder containing 13 files totalling 227KB in 15-20 seconds. ...
    (sci.crypt)
  • Re: 8 bit white noise algorithm
    ... Key the cipher with the key of your choice (since security is not a concern, key management is not a concern). ... and then there are crypto-quality PRNGs. ... Most crypto algorithms only achieve high security when used in a rolling mode, initially seeded with something truly random. ...
    (comp.dsp)
  • Re: Controversial paper - Good response article on ZDNet
    ... you removed my arguement on operating systems. ... following best practices for firewall or network security at the head ... cost more, but you forget is that cost is a huge factor in security ... Your comparison to encryption algorithms is not applicable here. ...
    (sci.crypt)