Re: VMPC
- From: David Eather <eather@xxxxxxxxxx>
- Date: Thu, 29 Mar 2007 10:25:15 +1000
fortune.bruce@xxxxxxxxx wrote:
<snip><snip>
I admit, I am trying to get this discussed, as when distinguishers get
large enough, it becomes harder to see why this is a real-world
problem.
It isn't a disaster-style problem, but it is hard to see why one would
want to use a currently somewhat broken system when unbroken systems
are available.
--
Kristian Gjøsteen
Thank you. But just how "broken" is a (2^54) 18 petabyte
distinguisher?
The cipher algorithm itself may be very capable, and its simplicity
should make analysis easier.
Great! Where is your analysis? (It's simple to do - right?)
But the bigger question is how broken? No one knows - or at least those that do know won't say. One of the purposes of academic and certification breaks is to show weakness. A 2**54 distinguisher is only the public face of VMPC. You don't know how far that weakness or possibly others can be exploited by TLAs, but that weakness and the potential for an exploit does exist. This is basic.
KG gives a lot to sci.crypt in terms of time and quality. Biting the hand that feeds it is a very stupid thing to do.
When all of sci.crypt answers in the way you want, will you be satisfied that no one else uses it?