Re: More on "Real_Time_Encryption_Program_Mark_2" - ref. Earlier Post



adacrypt wrote:
On Oct 7, 4:24 pm, Paulo Marques <pmarq...@xxxxxxxxxxxx> wrote:
[...]
Lets put this another way: if we repeat the challenge of 3 cyphertexts +
2 plaintexts but use a new random database that you create and keep
secret and you send the scrambling parameters in the clear, from what
you're saying there is no way I could recover the 3rd plaintext, right?

I'm willing to go through that challenge if you're willing to retreat
from sci.crypt in case I succeed. Since it should be impossible for me
to succeed, you have nothing to lose, right? Or are you afraid your
cypher won't resist another attack?
[...]

In that situation it would have been foolish of me to do that because
you already had the arrays of data to which they would refer - you
can't have every way.

That was _your_ choice. I was expecting you would use new arrays that
were unknown to me, but the same arrays for all 3 files.

When I provide a free download of my cipher complete with database I
was simulating a breach of the database that an adversary might
effect.

You were providing "test vectors" and that is perfectly ok and expected,
actually.

Normally in a known plaintext attack you would be lucky to have
acquired one only set of plaintext and the corresponding set of
ciphertext.

No, normally in a known plaintext attack, the attacker can have
gigabytes of plaintext / cyphertext and still not be able to recover the
key or any other plaintext from some new cyphertext. That is true for
all cyphers that are in heavy use today, e.g., AES. At least no one was
able to show otherwise yet.

I sent you two sets of these and one set of ciphertext.
This was particularly accomodating to you but to send the scarmbling
parameters as well as the database would have been downright foolish.

Normally you would have to breach the database to use the parameters
effectively.- I gave them to you ! - this was a demo situation for
readers - I went out on a limb in providing scope for your attack - I
would not have exposed my self if I knew you were going to take the
advantage you did.

Ok, so the first challenge didn't go very well because you didn't have
time to prepare it and there were some confusion about in what
conditions the files should have been generated. Fine. No problem.

But now, you can prepare the files correctly: a fresh new database that
I don't know about and the parameters sent in the clear like they are
supposed to be sent, right?

Why should this be a problem? Why are you running away from this
challenge? The only explanation is that you really do have doubts about
the security of your cypher, isn't it?

--
Paulo Marques - www.grupopie.com

"667: The neighbor of the beast."
.



Relevant Pages