Modern History of Cryptography Techniques
Heather writes "The encryption scheme you rely on today might be full of holes just a few years down the road. Learn how far we've come in the last few decades, and why your apps need to be ready for change. This article builds on a previous article about Enigma, Germany's WWII-era encryption system."
TFA mentions using AES, TDES, or RSA as alternatives to DES. He also says, "...the final AES standard is estimated to require a current cryptanalysis system 149 trillion years to decrypt." That may be true for direct-channel cryptanalysis, but side-channel attacks such as cache timings against most implementations of AES can guess the key given known plaintext, known ciphertext, and at least estimated timings for encryption.
Read more: http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
I mod down pyramid schemes in sigs.
I see tons of articles, but no one talks about "IDEA" any more.
From my research so far it hasn't been cracked. It was a European standard, so I guess it's not favorable in the US or North America.
It's still my favorite. And maybe it enjoys a bit of "security through obscurity" these days. But I'd really like to know.
And oh, if you're going to say it was cracked, please provide reliable references with links.
Seriously, I'd really like to know.
Fiction, but still good:
Neal Stephenson - Cryptonomicon
Then to explain how Enoch Root lives so long, you'll need to read
Neal Stephenson - The Baroque Cycle Trilogy
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
One-time pad (OTP) is the only "unbreakable" encryption.
The rest are algorithmic, and therefore susceptible to decryption by algorithmic attacks. Decryption of them is a matter of being clued to the nature of the algorithm, and perhaps in possession of the knowledge of a secret constant with which the decryption algorithm can be generated. And once the constant is guessed, all messages based on it are decrypted.
The only ways to decipher OTP-encrypted messages are to physically access the encryption or decryption pads, or steal the cleartext before it's encrypted or after it's decrypted.
(Note: since VENONA was not used only once, it's not actually OTP.)
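Added example, not from the thread: a minimal one-time pad, together with what an eavesdropper can do once the same pad has been used twice (the VENONA situation the note above refers to). The pad and messages are constructed; nothing here comes from a real system.

```python
"""Added example, not from the thread: a one-time pad and what breaks when the
pad is reused. Messages and pad below are constructed for the demonstration."""
import os


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each message byte with one pad byte; the pad must be at least as long
    as the message, truly random, and used for exactly one message."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def xor_of_plaintexts(ct1: bytes, ct2: bytes) -> bytes:
    """If two ciphertexts share a pad, C1 ^ C2 == P1 ^ P2: the pad cancels out
    and what remains depends only on the two messages, not on the key."""
    n = min(len(ct1), len(ct2))
    return bytes(a ^ b for a, b in zip(ct1[:n], ct2[:n]))


def recover_other(ct1: bytes, ct2: bytes, known: bytes, offset: int) -> bytes:
    """With a reused pad, a known fragment of one message at `offset` (a stock
    phrase, a date line) reveals the other message's bytes at that position."""
    mixed = xor_of_plaintexts(ct1, ct2)
    return bytes(m ^ k for m, k in zip(mixed[offset:offset + len(known)], known))


def demo_reuse() -> dict:
    """Encrypt two constructed messages with one pad: the first use is sound,
    the second turns the scheme into a two-time pad."""
    pad = os.urandom(64)                      # fresh random pad
    p1 = b"MEETING MOVED TO THURSDAY 1400"    # constructed sample message
    p2 = b"PAYMENT SENT VIA COURIER TODAY"    # constructed sample message
    c1 = otp_encrypt(p1, pad)
    c2 = otp_encrypt(p2, pad)                 # the mistake: pad used twice
    return {
        "roundtrip_ok": otp_decrypt(c1, pad) == p1,
        # An eavesdropper holding only c1 and c2 learns P1 ^ P2 ...
        "leak_equals_p1_xor_p2": xor_of_plaintexts(c1, c2)
            == bytes(a ^ b for a, b in zip(p1, p2)),
        # ... and guessing one message's opening word exposes the other's.
        "recovered": recover_other(c1, c2, b"MEETING", 0),
    }


if __name__ == "__main__":
    print(demo_reuse())
```

The pad itself is never exposed; the damage comes entirely from the two messages being combined, which is why pad management (generation, single use, destruction) is the whole security argument for OTP.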
I actually HAVE mod points, at the moment. But there's nothing on the pulldown for amusingly, pathetically, distressingly nerdy. Sometimes I wonder how many people get some of Jason's jokes in Foxtrot, and how he manages to get them into a mainstream newspaper comic.
The living have better things to do than to continue hating the dead.
The email I'm referring to is down a little ways.
Which doesn't clearly state if she did the implementation. It sure reads like she implemented someone from IBM's concept, or she wrote a paper about someone's implementation. I can't really tell from what she wrote.
However, whatever you are referring to appears to be reasonably hard to find on Google. I put in her name, DES, Boulder and encryption and various subsets. Whatever she did appears to be relatively lost to the sands of time as far as Google is concerned.
Kirby
how useless popular comms software is. Why should I have to register with Verisign to send an encrypted email to my girlfriend, co-workers etc.? Why can't I just click a button and generate a random 128 bit key set and use PGP?
Why isn't this standard? A better question is, why can I send a MIME encoded attachment anywhere, but not a PGP encoded plain text email? Imagine the spam you could filter if you had a list of the PGP keys of all your friends and family. Imagine if they moved email address, but their PGP key stayed the same.
If this is because Zimmerman wants his 2 cents (which I can't blame him for), can't it be included in the cost of Windows and Macs, and let the rest of us download it for free? We need authenticatable (if there is such a word) emails, IMs etc. yesterday. We have the technology!
Scared of flying, pointy things since 1979!
Exactly, and this is because the asymmetric part (RSA) is very slow compared to a symmetric algorithm. So we use the asymmetric part only to perform a key agreement protocol, in other words to agree on a new key to be used in the following symmetric part.
In fact, RSA is starting to age quickly, and there are far better alternatives.
Since there are subexponential algorithms to solve the factoring problem, RSA key sizes will increase a lot in the next years, and will soon be in the thousands of bits.
There are many other choices for asymmetric schemes, and there are groups for which no subexponential attacks in the key or block size are known. These should be used in conjunction with a symmetric scheme such as AES.
Very attractive today are elliptic curves (ECC, endorsed also by the NSA, no less [*]) and low genus hyperelliptic curves (HECC). A 140 bit ECC or HECC key offers security equivalent to 1024 bit RSA. The bandwidth advantages are evident, and at this level speed is of the same order of magnitude, with an advantage of ECC and HECC over RSA.
Arjen Klaas Lenstra wrote a nice contribution in Key Lengths to The Handbook of Information Security. If you cross-reference with the paper he wrote with Erik Verheul on Selecting Key Lengths, you will see that 200 bit ECC and HECC should be equivalent to about 4000 bit RSA security, which should be a good estimate for a good security level for the year 2050 - the NSA is proposing to use 571 bit ECC, which provides security equivalent to about 15,000 bit RSA. Now, creating good instances of RSA moduli of that size is lengthy, and at the same time the cryptographic operations become extremely slow. ECC and HECC maintain good speed though.
Multivariate quadratic systems can be used to construct both secure and efficient public key schemes. Their main problem is the key size, which can easily go to several hundreds of kilobytes. But, the attacks are exponential in the block size, which, for the so-called oil-and-vinegar schemes, remain well bounded. They are very fast and are nice for exchanging keys for the symmetric scheme following the asymmetric part.
Lattice-based systems, NTRU (which can be interpreted as a special lattice based system) are also nice alternatives, but it is difficult to construct secure instances. Code-based systems are very nice, but the main advantages are short signatures, hence their main application is outside the scenario considered here.
[*] The E.U. is endorsing elliptic curves, too. A strategic project, AREHCC, did extensive Advanced Research on Elliptic and Hyperelliptic Curve Cryptography. The web site of the project, now ended, is still up (http://www.arehcc.com/) and there is a bit of interesting material. A book has been just published on the subject, by authors that worked for AREHCC:
R. Avanzi, H. Cohen, C. Doche, G. Frey, T. Lange, K. Nguyen, and F. Vercauteren.
Handbook of Elliptic and Hyperelliptic Curve Cryptography.
Chapman & Hall - CRC Press. 2005.
This is a mammoth book, and for a leaner introduction, with less theory but perhaps better for practitioners one can get
D. Hankerson, A. J. Menezes, and S. A. Vanstone.
Guide to elliptic curve cryptography.
Springer-Verlag, Berlin, 2003.
a very well written introduction. Then there are the two books edited by Blake, Seroussi, and Smart, on ECC. The latter titles however lack a treatment of HECC.
A follow-up project to AREHCC (and NESSIE), called ECRYPT (http://www.ecrypt.eu.org/), has also considerable resources devoted to alternatives to RSA - including ECC, HECC, and all the other alternatives mention
Why leave it to a computer when a human can do a better job?
The One Time Pad algorithm has a high administration cost, mainly because of the problems related to random file generation, deployment and the process of destroying the random data.
My company sells a cellular GSM-CSD voice encryption product, and I developed a One Time Pad version for this product.
Currently I see problems using only One Time Pad, and I prefer using OTP with symmetric encryption in our product, creating two protection layers, because the weakness is with the human being.
The end user wants to use the best security and wants to have a secure phone like a common cellular phone, and I think this can't be done.
The OTP can be used only by people who understand the OTP problems; this technology can't be used by common people.
The success of using Navajo wasn't so much due to Japan being a closed society; it was because there were no Navajo speakers outside the US at all.
But there were anthropologists, researchers, people who studied the Navajo language, etc. Japan's "closedness" resulted in comparatively low interest in anthropology in general, while in pre-WWII European countries, including Poland, there were people studying alien cultures just for the sake of interest in otherness as such. There are no native Nambikwara speakers outside Brasil, but in case of war between Brasil and France, French code breakers could break the "Nambikwara code" thanks to the work done on Nambikwara by Claude Levi-Strauss. The point is that there were no Levi-Strausses in Japan.
Is it time to increase the default keysize in GPG?
Currently, the default key generation method in GPG is to create a 1024 bit DSA master key and Elgamal subkeys. The GNU Privacy Handbook admits that a key size of 1024 bits is "not especially good given today's factoring technology."
If the authors of GPG know that 1024 bits is not a good key length for an asymmetric cipher, why not set the default length for the master key at 2048 bits? If that would require switching to RSA as the default signing algorithm, why not do it?
RSA is normally only used for encrypting a private key for a symmetric encryption algorithm like DES or AES. In the group of symmetric encryption algorithms, DES is one of the slowest algorithms. It has many operations that are easy to do in hardware but awkward to do in software. AES is much faster.
My hovercraft is full of eels.