Maybe It's Snake Oil All the Way Down

bear bear at sonic.net
Mon Jun 2 13:51:58 EDT 2003
"Scott Guthery" <sguthery at mobile-mind.com> writes:
> When I drill down on the many pontifications made by computer
> security and cryptography experts all I find is given wisdom. Maybe
> the reason that folks roll their own is because as far as they can see
> that's what everyone does.  Roll your own then whip out your dick and
> start swinging around just like the experts.
>
> Perhaps I'm not looking in the right places. I wade through papers from
> the various academic cryptography groups, I hit the bibliographies
> regularly, I watch the newsgroups, and I follow the patent literature.  After
> you blow the smoke away, there's always an "assume a can opener"
> assumption. The only thing that really differentiates the experts from the
> naifs is the amount of smoke.

Well....  I do understand how it can look that way.  And getting away
from that problem is really hard.  The problem is, if you really want
to cut past received wisdom, you have to have your own wisdom to judge
it by.  That means you have to get an idea of what the threats are out
there.  And that means not only understanding hundreds of different
algebraic attacks and mathematical patterns that have been brought to
bear on various ciphers, but also understanding the underlying
mathematics that give rise to these attacks well enough to see if
you're just inviting a variation on something well-known that you
think you're defending against.  Crypto is a very context-intensive
business, and a "working knowledge" is actually more than can really
be expected of anyone except specialists.

I am not a crypto specialist.  I have studied protocol design, mostly
on my own, for about two years, and I still miss stuff but I'm still
getting better.  I have also studied cipher design, and mostly come to
the conclusion that it is wizardry beyond my ken to design a cipher as
secure as existing ciphers which can be used with as small an
investment in CPU power.  I like to think I came to it reasonably well
prepared; my professional background is in Artificial Intelligence,
and I've had a *LOT* of discrete mathematics and statistics in order
to get there.  But I still have to draw the line at cipher design; it
is for people who eat, sleep, and breathe crypto and crypto attacks,
and I just cannot do it.  I could build a secure cipher, but it would
look something like GOST; a long-keyed cipher based on a ridiculously
high number of rounds of a Feistel network.  It would be slower than
3DES and nobody sane would use it.  *I* wouldn't use it if 3DES were
available.

So....  the people who can function at the level of cipher designers
are rare, and mostly they've devoted their lives to it.  The rest of
us pretty much have to accept what they say as received wisdom.  I've
learned enough that I can tell what they're saying, or maybe even see
how it would work, but usually it's stuff I wouldn't have thought of
trying in a hundred years, or whose existence as a risk is well-known
to them but unknown until that moment to me.

				Bear
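
The "many rounds of a Feistel network" construction Bear describes is simple enough to sketch in code. The following is an added illustration, not code from Bear or from this list: a toy Feistel network with a long key, a constructed SHA-256-based key schedule and round function (both assumptions made here, not anything Bear specified), and a small avalanche check that shows why the round count matters. It demonstrates the structural property of a Feistel network, that decryption is the same network run with the subkeys in reverse order whether or not the round function is invertible, and the cost that goes with it: every round is another hash of each half-block. It is not a vetted cipher, which is exactly Bear's point about who should design one.

```python
import hashlib
import struct

# Toy Feistel network illustrating the structure Bear describes: a long
# key, a high round count, and a round function F that need not be
# invertible.  The key schedule and F are constructed for this example
# (truncated SHA-256); they are not a vetted design.

BLOCK_BYTES = 8   # 64-bit block made of two 32-bit halves
HALF_BYTES = 4


def round_keys(key: bytes, rounds: int) -> list[bytes]:
    """Derive one 32-bit subkey per round from an arbitrarily long key."""
    return [
        hashlib.sha256(key + struct.pack(">I", r)).digest()[:HALF_BYTES]
        for r in range(rounds)
    ]


def round_function(subkey: bytes, half: bytes) -> bytes:
    """F: mix one half-block under the round subkey.  Not invertible, and
    it does not need to be: the Feistel structure supplies invertibility."""
    return hashlib.sha256(subkey + half).digest()[:HALF_BYTES]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_encrypt_block(block: bytes, subkeys: list[bytes]) -> bytes:
    """One block through len(subkeys) Feistel rounds."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF_BYTES], block[HALF_BYTES:]
    for k in subkeys:
        # L_{i+1} = R_i ; R_{i+1} = L_i xor F(k_i, R_i)
        left, right = right, xor(left, round_function(k, right))
    # Undo the final swap so decryption is the same network with the
    # subkeys reversed.
    return right + left


def feistel_decrypt_block(block: bytes, subkeys: list[bytes]) -> bytes:
    """Decryption = encryption with the round keys in reverse order."""
    return feistel_encrypt_block(block, list(reversed(subkeys)))


def avalanche_bits(key: bytes, rounds: int, block: bytes, bit: int = 0) -> int:
    """Number of ciphertext bits that change when one plaintext bit flips.

    With a single round only one output bit moves (the flipped bit passes
    straight through); with many rounds roughly half of the 64 bits do.
    This is the reason a nervous designer reaches for "a ridiculously high
    number of rounds", and also why such a cipher is slow: each extra
    round is another F evaluation per block.
    """
    sk = round_keys(key, rounds)
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    c1 = feistel_encrypt_block(block, sk)
    c2 = feistel_encrypt_block(bytes(flipped), sk)
    return sum(bin(x ^ y).count("1") for x, y in zip(c1, c2))


if __name__ == "__main__":
    # Constructed sample key and plaintext for a stand-alone run.
    key = b"a long key of many bytes, as Bear describes"
    pt = b"\x01\x02\x03\x04\x05\x06\x07\x08"
    sk = round_keys(key, 32)
    ct = feistel_encrypt_block(pt, sk)
    print("ciphertext:", ct.hex())
    print("round trip ok:", feistel_decrypt_block(ct, sk) == pt)
    for rounds in (1, 2, 4, 32):
        print(f"{rounds:>2} rounds -> {avalanche_bits(key, rounds, pt)} bits changed")
```

The round-trip check holds for any round function at all, which is the structural guarantee a Feistel network gives for free; everything else (resistance to the differential and linear attacks Bear alludes to) lives in F and the key schedule, and that is the part that needs a specialist.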


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com