[Cialug] Complete C source online

Morris Dovey mrdovey at iedu.com
Thu Jul 25 14:10:58 CDT 2013


On 7/25/13 5:39 AM, Zachary Kotlarek wrote:
>
> On Jul 25, 2013, at 1:33 AM, Morris Dovey <mrdovey at iedu.com> wrote:
>
>> AES has the look and feel of a method /designed/ to be cracked with
>> appropriate hardware. I think we’ll learn that it’s as open as
>> DES.
>
> It wasn't designed in-secret by people known to be friendly to the
> NSA, and it's been studied in great detail by smart people who would
> have quite a lot to gain by proving it's crackable (and some of them
> *have* shown weaknesses, just not anything terribly significant).

Okay. :-)

> Like anything else it could be compromised, but you have to weigh the
> chance of that intentional (or otherwise known) compromise against
> the chances of you unintentionally compromising your own algorithm in
> any number of ways.

Of course...

> I'm also not sure what you're saying about DES. The key size is too
> small -- that was known (and complained about) at the time it was
> released. Other than the short keys it's pretty good, even by modern
> standards; the best faster-than-brute-force attacks on DES require
> like 2^40+ known/chosen plaintexts, which is impractical in most
> contexts. And 3DES is still considered a moderately secure cipher,
> though I wouldn't recommend it for new work; 3DES is slow due to
> the iterative design and in the foreseeable future 112-bits will
> again be too short a key.

Even before DES was rolled out, I had been warned that it could be 
easily defeated. I considered the information I received as credible, 
from a source I had reason to trust - though data security wasn’t a big 
concern for me at the time.

> And of course AES isn't your only option. There are a whole slew of
> competitors if you don't like AES in particular. Or you could design
> a new set of s-boxes (assuming you know how to defend against
> differential cryptanalysis) and add a few rounds while still using
> the same basic algorithm. Or you could apply 3 different algorithms
> at the same time, for layered protection.

Yes - all this is true. Three of the pretty good rules in this arena are 
‘make no assumptions,’ ‘trust no one,’ and ‘in the absence of known good 
information, consider your limitations and go with your gut’. I’m not a 
crypto guru, and I shared my gut reaction to the AES. FWIW, I’m 
perfectly willing to be wrong. :-)

> Of course none of that matters if you're not making the key secret,
> or if you're just trying to make someone spend a few seconds of
> effort on decryption -- presumably even with the right hardware and a
> compromised algorithm there's still some effort required to crack the
> encryption.

/That/ is my focus.

> I'm all for your goal of hiding your communications. I can even get
> behind some paranoia about existing tools. I'm just trying to
> encourage you to consider the available tools as a starting point --
> at least in so far as understanding their design and all the
> complications of good encryption systems -- because I think they're
> closer to providing what you want than you might imagine, and I know
> they've already solved a lot of problems that could easily put your
> new system further from your goal than the existing systems.

Thanks. You have provided some much appreciated encouragement. I 
hesitate to accept paranoia as an appropriate descriptive - let’s just 
say that it’s sometimes necessary to consider that there /are/ hostile 
environments, and that it may be worthwhile to maintain adequately high 
standards of data security. [Yikes - I can hardly believe how PC that 
sounds! :-)]
