Re: Can you decrypt this?

On Mon, 23 Apr 2007 01:45:21 -0400, "Glenn P.,"
<C128UserDELETE-THIS@xxxxxxx> wrote:

On 22-Apr-07 at 9:52pm -0500, <jdege@xxxxxxxxxxxxxx> wrote:

Provide a full description of the method.

Provide ten test messages we can use to validate our understanding of
the method -- ten sets of plaintext+key+ciphertext.

With YOUR (you and others) attitude? LOL! I'd be wasting my time. I'd
prepare the description of the message, and the ten test messages, and
upon posting them, I would promptly be greeted by jeers, derision, and
a flat-out refusal of ANYONE to do ANYTHING -- period.

But I do wish to challenge one of your assumptions.

In asking for "a full description of the method", you assert that for
a cipher to be proven (I don't remember the exact term you used, but
"proven" is the gist) the method must be known to the tester.

Correct. NIST published the full algorithm for AES so anyone who
wants to try to break a message encrypted with AES knows the

Look up Kerckhoffs's Laws.

That's fine and well, but it presupposes that the purpose of supplying
the cipher is to have its integrity tested. In that event, yes, the
method must be described, so that its weaknesses may be better exposed.

However, supposing it is simply being submitted for cryptanalysis? Even
a weak cipher can go unbroken if the cryptanalyst is unskilled; during
the Civil War, for example, a simple word transposition cipher used by
the Union utterly befuddled the Confederacy, and was never broken.
Security, in the cryptanalysis sense, lies as much in the strength of
the cryptanalyst as in the strength of the cipher.

Why should I use a cypher whose security is dependent on how well the
originators have secured the algorithm? Do I get to vet every
employee, including the office cleaners and overnight security staff?
Do I get to vet every customer so I can be sure that their security is
also up to scratch? I would much rather use a public algorithm where
none of this is of any concern to me.

In wartime, absolutely the ONE thing you can count on about ANY cipher,
barring anything gained from other intelligence sources, is that you
will know next to nothing about it. Even as simple, as basic a question
as whether it is substitution or transposition must be deduced by the
cryptanalyst. He doesn't start with this knowledge -- he has to find it
out! You think the Enemy is going to TELL you this? Try asking them, if
you enjoy getting laughed at in your face!

In wartime you have to assume that your enemy has a copy of your
cypher and knows how it works. Soldiers and equipment get captured
from the start of the war. In WWII the Poles captured some Enigma
machines despite losing so quickly. Your enemy can mount special
operations just to get copies of your codes and cyphers. You
certainly cannot count on the enemy not knowing your cyphers.

So, as for "tell us the method", yes -- for mathematical testing.

But not in cryptanalysis. You can almost COUNT on the "codebreaker" NOT
having knowledge of which cipher the enemy is using!

Not in many real situations.


And that brings me to another point: near the top of this thread, someone
said to the original poster something to the effect that "it would be very
difficult to break without knowing the cipher". Need I really belabor the
point that -- ahem -- that's the general idea!?

And just in case you've overlooked the point, cryptanalysts commonly DO
break ciphers for which they know NEITHER the cipher being used, NOR the
key, all the time. It's all just a matter of skill.

-- %%%%%%%%%%% "Glenn P.," <C128UserDELETE-THIS@xxxxxxx> %%%%%%%%%%%
_____ -----------------------------------------------------------------
{~._.~} "...Nor is it strange,
_( Y )_ After changes upon changes, we are more or less the same;
(:_~*~_:) After changes, we are more or less the same..."
(_)-(_) --------------------------------
========= --SIMON, Paul; & GARFUNKLE, Art:
========= "The Boxer" (Sung In Concert).

:: Take Note Of The Spam Block On My E-Mail Address! ::
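
An added illustration, not part of any post in this thread: the message above says the analyst must deduce from ciphertext alone whether a cipher is substitution or transposition, and the standard first statistics for that are the index of coincidence and the share of common English letters. The sample plaintext, the three toy ciphers, the keys and the 0.055 / 0.40 thresholds are all constructed for this example, and the heuristic assumes English text of a few hundred letters.

```python
import string
from collections import Counter

A = string.ascii_uppercase
# Constructed sample plaintext; only its letters are used.
PLAIN = (
    "The general sent word to the northern camp that the supply train would arrive "
    "at dawn and that every officer should be ready to move before the sun was high. "
    "Nobody in the tent doubted that the other side had captured at least one copy "
    "of the cipher book, so the order was written as though the method itself were "
    "already known and only the key for that day remained a secret. It is safer to "
    "assume that than to hope the enemy has learned nothing at all."
)

def letters(text):
    return [c for c in text.upper() if c in A]

def index_of_coincidence(text):
    # Chance that two letters drawn from the text match (~0.066 English, ~0.038 random).
    s = letters(text)
    n = len(s)
    return sum(v * (v - 1) for v in Counter(s).values()) / (n * (n - 1))

def common_share(text):
    # Fraction of the text made up of E, T, A, O, I, N (about half of English prose).
    s = letters(text)
    return sum(c in "ETAOIN" for c in s) / len(s)

def classify(ciphertext):
    if index_of_coincidence(ciphertext) < 0.055:   # assumed threshold
        return "polyalphabetic"                    # several alphabets flatten the histogram
    if common_share(ciphertext) > 0.40:            # assumed threshold
        return "transposition"                     # English letters, only reordered
    return "monoalphabetic substitution"           # English-shaped histogram, relabelled

def shift(text, k):  # constructed monoalphabetic cipher
    return "".join(A[(A.index(c) + k) % 26] for c in letters(text))

def vigenere(text, key):  # constructed polyalphabetic cipher
    return "".join(A[(A.index(c) + A.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(letters(text)))

def columnar(text, width):  # constructed transposition: read the grid column by column
    s = letters(text)
    return "".join("".join(s[col::width]) for col in range(width))

def demo():
    cts = [columnar(PLAIN, 7), shift(PLAIN, 3), vigenere(PLAIN, "BLACKSMITH")]
    return [classify(ct) for ct in cts]
```

Both statistics need only the ciphertext, and neither one recovers a key or a single letter of plaintext.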

