[Cryptography] [Crypto-practicum] Hypothetical WWII cipher machine.

Ray Dillinger bear at sonic.net
Tue Jul 21 15:10:39 EDT 2015 


On 07/20/2015 02:21 PM, Dave Horsfall wrote:

>> (Hmmm…. I wonder if you could make a cipher based on a Rubik’s cube?)
> 
> I was thinking the same thing myself, hence my remark on whether it worked 
> a bit like Rubik's Cube.

Yeah.  A non-electrified version - no circuits, input board,
output board - would be very easy to make (mill, laser cutter,
injection mold, 3d printer, whatever), could be pocket sized,
and with alphanumerics on the bits it would make a pretty good
"secure password" generator.  Give everybody stickers instead
of stamping the alphanumerics directly onto the bits, so they
all have unique mappings of movement to characters.  Then
they can assemble the name of whatever they're securing around
the outer edge, turn the thing fifty times, or whatever, and
then use the new outer edge for the password.  And, importantly,
there are no potentially-compromised electronics to steal
anything from.  There is no way for an electronic or software
breach in security to steal passwords from a purely mechanical
device. Stealing them from the sites where they're used, alas,
remains a problem.

It would be fine for that use. It would drastically improve
password security for people that use it, and the number of
passwords most people use wouldn't create enough traffic to
break it.

But I wouldn't be nearly as confident of it as a cipher for
encrypting reasonable amounts of traffic as I am of the
electrified version where two impulses go through a torturous
path to make a circuit and encrypt. The problem is that I
can understand how to get a handle on the raw movements
using group theory.  The "torturous path" with chaotic
feedback and uncertain lengths is needed to put it beyond
the abilities to analyze that I personally understand, so
that someone doing group theory wouldn't have a reasonable
way to initially detect the groups.

That said, it's still true that "anybody can make a cipher that
he himself cannot break."  I believe the electrified version
to have about 80-bit security, but someone else might have an
idea I don't.

				Bear



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150721/3746e12f/attachment.sig>

More information about the cryptography mailing list