HP3000-L Archives

June 1998, Week 2

HP3000-L@RAVEN.UTC.EDU

Date: Fri, 12 Jun 1998 15:44:23 -0700
Wirt writes:
>Gavin writes:
>> Wirt writes:
>>  > For this kind of application, we can generate a encryption routine that
>>  > will be essentially unbreakable, so long as we don't tell anyone what
>>  > the algorithm is.
>>
>>  With all due respect, this is unlikely.  You can do something to
>>  "obfuscate" the data stream so that it does not appear to be plain
>>  text, but any "do it yourself" encryption algorithm is almost
>>  always no better than a relatively simple obfuscation, no matter
>>  how much clever code or mathematical churning you put in.  That is,
>>  the cost to figure out a relatively simple obfuscation is probably
>>  not much less than that to break a "high-powered" do-it-yourself
>>  encryption algorithm.
>
>With equal respect, let me disagree. All that you have to do to really make
>something "obfuscated" is intermix a great deal of randomness into an
>encrypted signal, paying special attention to make the random symbols carry
>the same informational entropy as the encoded data.

With equal measures of respect, let me agree and disagree. What Wirt is
saying is correct but irrelevant, unless he intends to distribute
one-time pads. Computers can't generate random noise (unless they're
broken and/or acting as news servers); they can only generate bit streams
using some kind of a state machine plus an initialization vector. Any
computer-generated bit stream is predictable.

>The only way to break a code where you have no idea what algorithm has been
>employed (or what the messages are) is to perform some sort of signal
>analysis on a very large number of observations. The simple way to befuddle
>such an analytical approach is to simply swamp the signal analyzer with
>meaningless noise.

Again, this is true, but the premises don't apply. First, an attacker
will know exactly what algorithm has been employed and will have a very
good idea what the messages are. The attacker will know the algorithm
because you're going to disclose it (in the form of a stream of machine
instructions), and will know what the messages are because any report you
transmit will have a lot of guessable boilerplate. Second, you have no
source of noise, only an algorithmically-generated bit stream -- unless
you're planning to use a one-time pad.

As long as you can figure out some reasonably-secure method of doing key
exchange, you can use any of several algorithms that are secure enough
for any commercial purpose. DES and certainly triple-DES appear to be
secure for commercial purposes; RC5, which is also available without
license, is almost certainly secure enough for any commercial purpose.
(NSA knows for sure, but they're not telling.)

>A little bit
>of such encryption goes a long ways --

That depends on the value of the information encrypted, and on your skill
as a cryptographer. If you've never devised a cryptographic system and
then invited all and sundry to attack it, and if you've never done real
cryptanalysis yourself, you have no idea of your skill as a
cryptographer.

>and any such encryption routine would
>be far better than anything that was used during WWII (and most of that
>code was never broken, other than by stealing the code books or capturing
>the decryption machines).

This is incorrect. Both the German Enigma and the Japanese Purple were
solved analytically, using a known-plaintext attack. In fact, Enigma was
reconstructed by analysis well before the first one was ever captured.
Both attacks relied on weaknesses in the system, not weaknesses in the
algorithm, and the system is only partially under your control. (When the
systems were improved, as in the German naval cryptosystems, analysis
sometimes used a chosen-plaintext attack.) British codes were almost
trivial to solve by analysis, and the Germans were doing so regularly
until about 1943.

The only secure cryptosystem is one in which an attacker must know the
key to recover plaintext. That is, the attacker should be assumed to have
possession of the encryption/decryption equipment, the procedures for its
use, and all the cyphertext s/he wants. You should rely on an algorithm
of known quality, analyzed by people skilled in such matters. Then you
can concentrate on secure key exchange, which is difficult enough.

-- Bruce

--------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
btoback AT optc.com                |     -- Edna St. Vincent Millay
Mail sent to [log in to unmask] will be inspected for a
fee of US$250. Mailing to said address constitutes agreement to
pay, including collection costs.
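A worked illustration of the argument in this message, added here and not code from Bruce, Wirt or the list: a constructed toy "do it yourself" stream cipher whose keystream is a textbook linear congruential generator, recovered exactly as the post describes, with the attacker knowing the algorithm, knowing the report's boilerplate header, and running the public state machine forward. The LCG constants, the seed and the report text are all constructed for the example.

```python
"""Toy home-brew stream cipher (constructed for this example) and the
known-plaintext recovery the post describes: the algorithm is public (it
ships as machine code), the keystream is a deterministic state machine
seeded by the key, and every report starts with guessable boilerplate."""
import struct

A, C, MOD = 1664525, 1013904223, 2**32   # textbook 32-bit LCG constants
HALF = 16                                # emit only the top 16 bits per step
REPORT = b"MONTHLY SALES REPORT\nREGION: WEST\nTOTAL: 1234567.89\n"  # constructed
BOILERPLATE = b"MONTHLY SALES REPORT"    # the part an attacker can guess


def step(state: int) -> int:
    return (A * state + C) % MOD


def keystream(state: int, nbytes: int) -> bytes:
    """Advance the LCG and emit its high half-word each step."""
    out = bytearray()
    while len(out) < nbytes:
        state = step(state)
        out += struct.pack("<H", state >> HALF)
    return bytes(out[:nbytes])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def obfuscate(seed: int, plaintext: bytes) -> bytes:
    """The 'do it yourself' scheme: plaintext XOR keystream(seed)."""
    return xor(plaintext, keystream(seed, len(plaintext)))


def recover_plaintext(ciphertext: bytes, known_prefix: bytes):
    """Attacker's side, no key: XOR the guessable boilerplate out of the
    ciphertext to get keystream words, brute-force the 16 hidden state bits
    against them (65536 candidates), then run the public generator forward
    over the rest of the message. Returns None if nothing matches."""
    ks = xor(ciphertext[:len(known_prefix)], known_prefix)
    words = [w for (w,) in struct.iter_unpack("<H", ks[:len(ks) // 2 * 2])]
    used = 2 * len(words)                       # ciphertext bytes the prefix covers
    for low in range(1 << HALF):
        s, ok = (words[0] << HALF) | low, True  # first output word + guessed low bits
        for w in words[1:]:
            s = step(s)
            if s >> HALF != w:                  # candidate disagrees with known keystream
                ok = False
                break
        if ok:
            rest = keystream(s, len(ciphertext) - used)
            return known_prefix[:used] + xor(ciphertext[used:], rest)
    return None
```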
