• Welcome to Valhalla Legends Archive.
 

32-bit programming coming to an end?

Started by DVX, February 03, 2004, 01:25 PM

Previous topic - Next topic

o.OV

Quote from: R.a.B.B.i.T on March 12, 2004, 06:57 PM
cipher:
A cryptographic system in which units of plain text of regular length, usually letters, are arbitrarily transposed or substituted according to a predetermined code.

encryption:
1. To put into code or cipher.  (Hrm....)
2. Computer Science. To alter (a file, for example) using a secret code so as to be unintelligible to unauthorized parties.


Hence: telling somebody how to decrypt something automatically defies the definition of encryption, and the file is no longer encrypted, just hard to read.

o_o where did that come from
If the facts don't fit the theory, change the facts. - Albert Einstein

Grok

#16
I disagree, and so do the world's cryptoanalysts.

Telling someone how to decrypt a message, and them still being unable to do so, merely helps prove the algorithm for encryption is a good one.  In the cryptoanalyst world, nobody would rely on an algorithm that the rest of the world had not tried to crack.  It's the secret key which is withheld, only.

j0k3r

Quote from: Grok on March 12, 2004, 10:17 PM
I disagree, and so do the world's cryptoanalysts.

Telling someone how to decrypt a message, and them still being unable to do so, merely helps prove the algorithm for encryption is a good one.  In the cryptoanalyst world, nobody would rely on an algorithm that the rest of the world had not tried to crack.  It's the secret key which is withheld, only.
Person 1: "How do I crack this?"
Person 2: "Here I'll tell you"
Person 2 tells Person 1
Person 1: "Ok what's the secret key? I thought you were going to tell me how to crack it."
Person 2: "Oh, well I can't tell you that"

You're not telling them anything without the key, so claiming you told them how to break it is a lie. You can't tell someone to open your lock, and then when they ask how, you tell them "Well 2 turns to the right until a certain number, one to the left then land on the number, and then to the right until another number" and claim you told them how to open it.
QuoteAnyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

Grok

How to decrypt and being able to use that knowledge are distinct notions in cryptoanalysis.

I would not feel safe behind an encryption algorithm just because you did not know the algorithm.  I would much rather you know the algorithm (how to decrypt a message), but still not be able to because you did not have the private key.

When you said "you're not telling them anything without the key" is accurate, but the second part, "so claiming you told them how to break it is a lie" is still wrong.

"Security through obscurity is no security at all" is the golden tenet of security.

j0k3r

You can't break it without the key, so they are not able to break it. Have you really told them how to crack it? No, telling them would include the key so that they are able to do it. Anyways I think that it's just a technicality in that saying.

What's the point of using an algorithm at all if the only security is the secret key, or if you're going to release the algorithm?
QuoteAnyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

Kp

Quote from: j0k3r on March 13, 2004, 09:56 AMWhat's the point of using an algorithm at all if the only security is the secret key, or if you're going to release the algorithm?

Well, most of the popular algorithms are publicly known and have been independently confirmed many times over that you can't break it without the secret key.  Having the algorithm out there lets others confirm for you that it really will hold up against a "modest" brute force attack (e.g. someone tries a few thousand combinations for the key and gives up).  An algorithm which relies upon no one knowing what it did to the text is broken as soon as a client capable of decrypting it gets out.  As long as no one has the client, they have no idea what it's done to the code (unless they do exhaustive analysis of ciphertexts and associated cleartexts, but that could be very difficult if the algorithm is even moderately complex).  However, as soon as you get the client and see that it just takes the <math operation> of the ciphertext to get the cleartext, you can immediately break down all messages sent with that algorithm.  If a secret key was fed into the operation as well, you'd need to acquire the ciphertext, the algorithm, and the secret key.  Secret keys are, well, secret, so that's where the security comes from.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

K

Exactly.  I will tell you that I'm using Triple DES or whatnot, and unless you can solve discrete logarithms via some technique no one else knows, I'll feel pretty safe.