[Cryptography] State of sin (was Re: What to put in a new cryptography course)
Ray Dillinger
bear at sonic.net
Wed Jul 27 12:16:22 EDT 2016
If an "attack" presupposes the application of brute force,
that's not an indication that a cipher is insecure. That's a
secure cipher functioning as intended.
Remember when the NSA shortened the Lucifer keys from 64 bits
to 56 bits when selecting an algorithm for DES? That's because
there is a formal definition, at least for symmetric ciphers,
of security.
A secure cipher is one which cannot be broken by any means
_more_efficient_ than brute force. They saw a cipher that gave
56-bit security (due to an attack the public didn't know about
at the time) and unless the key were shortened to 56 bits, it
would not be secure. If they knew everything we knew today,
they'd probably have lowered the key length to 54 bits. A 2-bit
break on a cipher that's been in use for 40 years and heavily
studied isn't bad for practical security (in the sense of
securing systems, 3DES is still a very reliable choice). But
it means that neither DES nor 3DES meets the definition of
a secure symmetric cipher.
A cipher with an 8-bit key would be formally secure if there
were no way to find a key more efficient than enumerating 8-bit
keys until a solution were found. The same is true of a cipher
with more possible keys than there are atoms in the visible
universe multiplied by the number of Planck times remaining
until its heat death.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160727/37be5159/attachment.sig>
More information about the cryptography
mailing list