From: adacrypt on

Weak cryptography means ciphers that have to be shored up with user
assistance like for instance the RSA cipher that is clearly unable to
stand alone and requires very expensive user assistance. Effectively
this is saying that it requires specialist management which is a
contradiction of good cipher design. Furthermore, this cryptography
is only practically unbreakable in class and may be broken by
cryptanalysts at any time in the near future.

A proper cipher should be able to read in plaintext from batch files
that are prepared by non-specialists and output ciphertext to similar
files for electronic transmission without any user assistance. At the
far end i.e. at decryption time, it should also be able to read in
ciphertext from external files that have been sent as email and output
messagetext. It must be able to do all this without human help within
the computer program alone. Secure communications should be reduced
to something akin to word processing instead of being what we know it
today – that will eventually happen in my view.

All obfuscation technique should be contained within the cipher
software and the external management of this software should be
possible by people who don’t need to know anything about
cryptography. Infrastructure managers may then be recruited from any
walk of life in general management. This reduces the more complex
work of perfectly secure communications from being a difficult one
with few solutions as we know it today to one of management that has
lots of solutions.

In the Mutual Database cryptography on the table the infrastructure
management entails channelling databases around the globe to various
new Bobs by whatever means is appropriate. There is no need for the
eventual operators to know how those databases will be used when they
are later deployed in cryptography – cheers - adacrypt


From: Tom St Denis on
On Jul 7, 2:56 am, adacrypt <austin.oby...(a)hotmail.com> wrote:
> Weak cryptography means ciphers that have to be shored up with user
> assistance like for instance the RSA cipher that is clearly unable to
> stand alone and requires very expensive user assistance. Effectively
> this is saying that it requires specialist management which is a
> contradiction of good cipher design.  Furthermore, this cryptography
> is only practically unbreakable in class and may be broken by
> cryptanalysts at any time in the near future.

I don't get what you mean. RSA requires assistance? In what sense?
All I need to make an RSA key is a few random bits and time. On most
platforms that can be done in the background with no human
intervention at all.

> A proper cipher should be able to read in plaintext from batch files
> that are prepared by non-specialists and output ciphertext to similar
> files for electronic transmission without any user assistance. At the
> far end i.e. at decryption time, it should also be able to read in

The RSA PK algorithm (why you keep comparing that to your symmetric
algorithm I don't know) is not an application, it's an algorithm. So
this entire paragraph is nonsensical.

> ciphertext from external files that have been sent as email and output
> messagetext. It must be able to do all this without human help within
> the computer program alone.  Secure communications should be reduced
> to something akin to word processing instead of being what we know it
> today – that will eventually happen in my view.

Have you ever used HTTPS? How much human intervention goes into that?

> In the Mutual Database cryptography on the table the infrastructure
> management entails channelling databases around the globe to various
> new Bobs by whatever means is appropriate.  There is no need for the
> eventual operators to know how those databases will be used when they
> are later deployed in cryptography – cheers - adacrypt

How are the databases initialized? Is the original input into that
process shorter than the messages you encrypt? Do you pride yourself
on knowing less about cryptography than a screenwriter for Swordfish?
Have you given any consideration to becoming less ignorant about both
computer science and cryptography? Do you have any hobbies outside of
posting nonsense to sci.crypt? Something maybe you could devote more
time to instead?

Tom

From: Gordon Burditt on
>Weak cryptography means ciphers that have to be shored up with user
>assistance like for instance the RSA cipher that is clearly unable to
>stand alone and requires very expensive user assistance. Effectively

Your cryptography will never substitute for RSA, in most of the
applications RSA is used for. It's like trying to use a transplanted
kidney as a replacement for a brain. They aren't substitutes for
one another. Do you understand the differences in use for symmetric
vs. asymmetric cryptography? It's obvious from your posts that you don't.

>this is saying that it requires specialist management which is a
>contradiction of good cipher design.

A group of people using cryptography (e.g. employees of the same
company) between themselves will always need someone to make sure
the keys are kept secure, that new group members are introduced to
existing group members and vice versa, and that keys are changed
periodically. RSA has the possibility of setting up a public key
server, which permits anyone who has access to it (and who trusts
it) to send secure messages to anyone listed, without having to
send messages unencrypted. How does your cryptography handle this?
I mean besides "Duh, that's a management problem".

>Furthermore, this cryptography
>is only practically unbreakable in class and may be broken by
>cryptanalysts at any time in the near future.

Explain how you set up communications between two people who don't
know each other (e.g. Joe Blow who wants to buy widgets and the
sales department of Widgets, Inc., a company that sells widgets)
and who don't have any pre-shared keys (which will be typical of
e-commerce transactions, at least for new customers), using your
cryptography. With RSA, Joe Blow can look up the public key of
Widgets, Inc., on a key server that he trusts, use that public key
to encrypt a message to Widgets, Inc., and include his own public
key so Widgets, Inc. can reply. How does your cryptography handle
this problem? I mean besides "Duh, that's a management problem".

>A proper cipher should be able to read in plaintext from batch files
>that are prepared by non-specialists and output ciphertext to similar
>files for electronic transmission without any user assistance. At the
>far end i.e. at decryption time, it should also be able to read in
>ciphertext from external files that have been sent as email and output
>messagetext. It must be able to do all this without human help within
>the computer program alone.

What cryptography *can't* do that? You do, however, have to deal with
identifying the correct key to use.

Both RSA and your cryptography have the problem with distinguishing
*WHICH KEY* to use for decrypting a message that just came in. It
is common with RSA to include the (signed) public key in the message,
which can be used to determine which key to use for replies. How
does your cryptography handle this problem? I mean besides "Duh,
that's a management problem".

>Secure communications should be reduced
>to something akin to word processing instead of being what we know it
>today – that will eventually happen in my view.

That means that cryptography will have to handle word processing
file formats and arbitrary raw binary data (such as images, video,
audio, and executables). Your cryptography, for some bizarre reason,
does not.

>All obfuscation technique should be contained within the cipher
>software and the external management of this software should be
>possible by people who don’t need to know anything about
>cryptography.

People who do not know anything about cryptography do not know that
they have to keep their key secret. This is a problem for anyone
using any type of cryptography.

>Infrastructure managers may then be recruited from any
>walk of life in general management. This reduces the more complex
>work of perfectly secure communications from being a difficult one
>with few solutions as we know it today to one of management that has
>lots of solutions.

Yet you refuse to talk about management issues, such as how to deal
with key generation, messages received out of order, and how to figure
out what part of the key to use to decrypt this message.

>In the Mutual Database cryptography on the table the infrastructure
>management entails channelling databases around the globe to various
>new Bobs by whatever means is appropriate. There is no need for the
>eventual operators to know how those databases will be used when they
>are later deployed in cryptography – cheers - adacrypt

If Mutual Database cryptography runs out of keying material, describe
how it gets more. How does Mutual Database cryptography determine
that the databases have gotten out of sync (say, by a message
becoming corrupted in transmission, which is not that unlikely with
enemy jamming and nuclear EMP going off)? What procedures are used
to fix this? Who does this? I mean besides "Duh, that's a management
problem".

If you can come up with theoretically unbreakable *PUBLIC KEY*
cryptography, there will be huge demand for that if the administrative
problems of using it aren't much bigger than for RSA.
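
The key-server exchange and the "which key" selection described in the post above, as an added example that is not part of the original thread. It assumes textbook RSA over constructed Mersenne primes with no padding, a hypothetical address `sales@widgets.example`, and an unsigned reply key, so it illustrates the message flow only.

```python
# Added illustration: textbook RSA, constructed Mersenne primes, no padding.
# It shows the key-distribution flow only and is not secure for real use.
import hashlib

def make_keypair(p, q, e=65537):
    """Return (public, private) built from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def key_id(public):
    """Short fingerprint that tells a recipient which private key to use."""
    return hashlib.sha256("{}:{}".format(*public).encode()).hexdigest()[:16]

def encrypt(public, data):
    n, e = public
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def seal(recipient_pub, sender_pub, text):
    """Encrypt to recipient_pub; carry its key id and the sender's reply key."""
    return {"to_key": key_id(recipient_pub), "reply_key": sender_pub,
            "body": encrypt(recipient_pub, text)}

def open_sealed(keyring, msg):
    """Select the private key by the key id in the message, then decrypt."""
    if msg["to_key"] not in keyring:
        raise KeyError("no private key for key id " + msg["to_key"])
    return decrypt(keyring[msg["to_key"]], msg["body"])

def demo():
    w_pub, w_priv = make_keypair(2**107 - 1, 2**127 - 1)   # Widgets, Inc.
    j_pub, j_priv = make_keypair(2**61 - 1, 2**89 - 1)     # Joe Blow
    key_server = {"sales@widgets.example": w_pub}          # public keys only
    widgets_keyring = {key_id(w_pub): w_priv}
    joe_keyring = {key_id(j_pub): j_priv}
    # Joe has no pre-shared key: he looks Widgets up on the key server.
    order = seal(key_server["sales@widgets.example"], j_pub, b"10 widgets please")
    received = open_sealed(widgets_keyring, order)
    # Widgets replies to the key Joe included (unsigned here, unlike the post).
    reply = seal(order["reply_key"], w_pub, b"order confirmed")
    return received, open_sealed(joe_keyring, reply)
```
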
From: Gordon Burditt on
>Do you pride yourself
>on knowing less about cryptography than a screenwriter for Swordfish?

adacrypt knows less about cryptography than a dead swordfish, much
less an actual literate human.

>How are the databases initialized?

Cat urine?

From: Bruce Stephens on
adacrypt <austin.obyrne(a)hotmail.com> writes:

> Weak cryptography means ciphers that have to be shored up with user
> assistance like for instance the RSA cipher that is clearly unable to
> stand alone and requires very expensive user assistance.

Given the subject "Spelling it out." you should probably be rather more
explicit about what you're saying.

Can you indicate anybody who uses a modern computer who doesn't use RSA
regularly? My mother does, for example, since she reads email
(googlemail and Windows Live Mail (which presumably uses TLS)), and
she's not particularly computer literate (and almost surely has no idea
what "RSA" is).

> Effectively this is saying that it requires specialist management
> which is a contradiction of good cipher design. Furthermore, this
> cryptography is only practically unbreakable in class and may be
> broken by cryptanalysts at any time in the near future.

None of your schemes are in the same class as RSA. RSA's asymmetric,
and none of yours are.

If we consider only perfectly secure systems, we already have OTP.
You've given no indication of why yours is better (than an obvious
implementation of OTP), and it appears to be worse in every respect in
which it differs.

> A proper cipher should be able to read in plaintext from batch files
> that are prepared by non-specialists and output ciphertext to similar
> files for electronic transmission without any user assistance.

So you want to make Microsoft Windows completely secure or just
eliminate it altogether? (Either's fine with me.) And you'll need to
store all computers in safes while they're not being used (or secure
them in some other ways). Why is that easier? I suspect management
buy-in will be harder than you expect...

[...]