adamm@encore.UUCP (Adam S. Moskowitz) (07/02/87)
I have been working with a fairly simple-minded encryption scheme of my
own design for a year or so now. I know that it's not too hard to crack,
but it does allow for very large keys and defies simple frequency &
distribution attacks. I use it because there are times I don't have access
to the UN*X 'crypt' program and need to hide some data from other people on
the system (private letters, personal financial plans, &c.) In the process,
I started wondering about encrytion in general. Specfically, how much
harder is it to decrypt something if you don't know what algorithm was used?
I don't have a very strong mathematical background, so please keep your
answer/proof simple. An answer like "n orders of magnitude" and some simple
reasons will do. As always, email to me and I will summarize what I get (if
anyone's interested).
Thanx.
--
Adam S. Moskowitz ...!{decvax,ihnp4,linus,necntc,talcott}!encore!adamm
"I'm a long time travelling here below; I'm a long time travelling away from
my home. I'm a long time travelling here below; to lay this old body down."devine@vianet.UUCP (Bob Devine) (07/05/87)
> but it does allow for very large keys [...] Large key space does not in itself provide security. It is how the key is used not its absolute size that matters. Large numbers, by themselves, do add the problem of being more unwieldy; but this is probably a small concern. > Specfically, how much > harder is it to decrypt something if you don't know what algorithm was used? > I don't have a very strong mathematical background, so please keep your > answer/proof simple. An answer like "n orders of magnitude" and some simple > reasons will do. I don't think there exists any ratio that can be universely applied. Decryption is too much an art to quantify. For certain, any information about the "purloined letter" -- its contents, the expected algorithm used, possible subject area, source and destination, past messages -- will aid in reading it. But to try to put a number on it, well ... I can't. Many times a crytanalysis has succeeded without the breaker knowing the algorithm. Kahn's books has many such stories. His "Codebreakers" book opens with the telling of how the Japanese Purple code was broken by the US. [Kahn's book (a tome is more accurate) is a great starting place for a history of how secrets have been protected.] Historically, the only ciphers and codes were those that had both the algorithm and key (and codebook if used) secret. Within the last decade advances in cryptology have come from mathematical number theory where the algorithm is openly published. In fact, RSA's only protection is under business law. Bob Devine