Re: a few questions about AES

"Antony Clements" <antony.clements@xxxxxxxxxxxxxxx> writes:

<snip>
(1) "Complexity". Certainly, the strength of a cipher depends on the
algorithm that it uses. But some of these algorithms are amazingly
simple - you could write them down completely from memory. So, a
"simple" cipher might be very secure, and a "complex" cipher might be
trivially insecure. Rather than saying that the strength of a cipher
depends on the "complexity", I'd say that the strength depends on the
"algorithym (regardless of complexity)".

(2) "How many keys". Phil Carmody put this best. The # of keys
establishes an upper bound on the cipher strength. For exampe, if there
are only 2^10 keys, then, it is trivially easy to try each key in turn
(a brute force attack). So, few keys => a weak cipher. But the converse
is not necessarly true: many keys does /not/ necessarily => a strong
cipher.
<end snip>

the algorithm is very very simple, and i was referring to the complexity of
the key(s) used. the algorithm is a simple XOR stream cipher that
concatenates each key (each key is = the length of the userkey * 8. the
minimum size userkey is 8 bytes the maximum for the userkey is 64 bytes.).
this is why i have set a physical limit on the file size so that no keys are
repeated. the more permutation techniques AFAIK = more possible keys. the
lowerbound of possible keys is 3.43239^156 by my calculations, with an upper
bound of 1.0443^1233. keys use the whole ascii range.

<snip>
AFAIK, the only way to really establish the strength of a cipher, is to
have it crytanalyzed by a professional cryptographer. General
programming skills, are nowhere near enough for this. For example, I've
been a professional software developer for over 30 years; I've written
probably half a million lines of code in many different languages; I've
had an amateur interest in cryptography for several years; but I have
absolutely /no clue/ how to cryptanalyze a cipher to see if it is weak
or strong!
<end snip>

which is why i am asking in here, surely there is someone capable of
cryptoanalysing.

Sory, is that how you get your medicine as well? Ask on the net for some
doctor to treat you for free? Or your legal work? Or your plumbing?
Put up your mone. they have an expertise which you will need to pay for.



.

Relevant Pages

  • Re: a few questions about AES
    ... algorithm that it uses. ... trivially insecure. ... establishes an upper bound on the cipher strength. ... few keys => a weak cipher. ...
    (sci.crypt)
  • Re: a few questions about AES
    ... A cipher might have ... many keys there are. ... the strength of a cipher depends on the ... - a simple algorithm is not necessarily weak; ...
    (sci.crypt)
  • Re: =?windows-1252?Q?The_Renaissance_is_Here_=96_SD_cryptography=2E?=
    ... cipher in itself. ... alphabet later to create keys ad hoc, ... All modern cryptography depends on going public with the vitally ... Even RSA and other public-key algorithms do not ...
    (sci.crypt)
  • Re: cipher program
    ... > Both the program code and the cipher are, well, atrocious. ... > Determining that 16 bits of entropy is all the passphrase does. ... >> might be achieved with a more complex algorithm, ... > It's periodic XOR with a fixed period of 2^16 bytes. ...
    (sci.crypt)
  • Re: Initializing GFSR Generators.
    ... It is important to see the system around "the cipher" ... I innovated an "alias file" to hold the actual keys, ... somebody has to get through a combiner ...
    (sci.crypt)