[Cryptography] Dumb question -> 3AES?

Jerry Leichter leichter at lrw.com
Tue Aug 12 13:59:26 EDT 2014


On Aug 12, 2014, at 12:50 PM, John Gilmore <gnu at toad.com> wrote:

>> Given that the leading software break is still due to buffer overflows,
>> and nobody's ever cracked a big-name crypto algorithm in living memory ...
> 
> Are you losing your memory?  Enigma?  Purple?  DES?  MD4?  MD5?
Both Enigma and Purple were broken over 70 years ago, before we really had a real theory of cryptography. (Even the basic approaches were old when they were designed.) So it's unreasonable to include them.

Modern cryptography started some time after World War II; modern public crypto started with work at IBM in the late 1960s, leading eventually to DES. Last I heard, DES is only slightly weaker than would be implied by its key length. I'd say the history of widely studied and fielded block ciphers says that we can build such things to last at their design strength. There's always room for a surprise, but in this particular corner of the crypto universe we haven't seen one in quite some time.

The MDx's, and recent attacks against SHA, make it clear that we are not in this position for hash functions.

The same goes for RC4 and stream ciphers. 

It's difficult to assess the state for asymmetric key crypto. RSA has held on, but the key size requirements initially grew much faster than expected - and of late, even at expected growth rates, are becoming impractically large. We haven't seen a dramatic improvement on factoring in two decades, but there's so much math there that it's dangerous to discount the possibility. I have the same fear about ECC.  Structure may give you proofs - but it may equally give you attacks.

Cryptography is far from a finished field of study....

                                          -- Jerry
