[vox-tech] Which cipher to use?

Nicole Carlson vox-tech@lists.lugod.org
Tue, 4 Jun 2002 21:48:29 -0700 (PDT)


On Tue, 4 Jun 2002, Micah Cowan wrote:
> <rant>
> Which is why you should get extremely skeptical when a company called
> Prescient claims to have created a "virtually unbreakable" encryption
> system called e2sec, which claims to be a Vernam Cipher, yet its proud
> creators say that rather than having to store and pass around large
> keys, they pass around mathematical functions from which the keys are
> generated. Which means that the keys are *not* random - and therefore,
> by definition, *not* a Vernam Cipher. And therefore, not proven to be
> virtually unbreakable, as they claim.

It's amazing the self-deception these kind of companies are capable of.  I
remember Prof. Bishop telling me about another company he'd heard of,
claiming--you guessed it--mathematically unbreakable secure communications
using OTP.  You crypto-knowledgeable people know that the trouble with OTP
(with any symmetric cipher, actually) is key exchange--you have to get the
key to the guy at the other end.  So Bishop asked how the pads were
tranferred.  Why, they were sent across the same wire, encrypted;
effectively, the security of the message now rested in the encryption of
the key, only they STILL thought it was "mathematically unbreakable".
D'oh!  :)

One of these days we should have a crypto talk or something; nothing
fancy, maybe just outlining what it can and can't do, and how to recognize
snake oil pitches.

--nicole twn

***
"Every jumbled pile of person has a thinking part that wonders what the
part that isn't thinking isn't thinking of."--They Might Be Giants
Visit Nicolopolis! http://wwwcsif.cs.ucdavis.edu/~carlsonn
nmcarlson@ucdavis.edu ana.ng@tmbg.org carlsonn@seclab.cs.ucdavis.edu