[Cryptography] [FORGED] Re: So please tell me. Why is my solution wrong?

Wed Feb 8 12:46:49 EST 2017

On Wed, Feb 8, 2017 at 9:26 AM, Joseph Kilcullen <kilcullenj at gmail.com>
wrote:

> Yes, I agree with all this. I figure this solution will force the phishers
> into the Certificate Authority domain. Force them to up their game. Right
> now they don't need any TLS certificate. Also, while I agree with your
> stories I hate a good solution being dismissed because there are idiots out
> there. In my opinion proper cryptographers should see the simplicity of
> this solution. The responses I've got so far are very helpful because they
> indicate people are just not reading my paper.
>
> They look at the picture and assume its SiteKey, which it is not!
>
> Thanks
>

Good solutions are almost universally dismissed.  The trick is to ignore
the negative feedback and keep inventing new ideas, both good and bad.

Here's a story that highlights this in crypto.  An undergrad student at UC
Berkeley in the 1970's took a crypto class which required that each student
pick a class project to implement during the course.  This student came up
with the following idea for a class project:

- Alice and Bob want to communicate, but Eve sees every message that Alice
and Bob send each other.
- Alice encrypts 1,024 strong keys (back then a strong key was 64 bits
long), using random weak keys that are only 20 bits.  The encrypted strong
keys are MACed so that you can figure out when you've found the right
20-bit weak key.
- Alice sends the encrypted strong keys to Bob
- Bob picks one at random and guesses the weak 20-bit key to get the strong
64-bit key.  This takes about 500,000 attempts to guess the weak key on
average.
- Bob sends a message back to Alice, saying "I am using this key",
encrypted with the strong key that Bob decrypted.
- Alice tries all 1024 strong keys that she generated, finds the correct
one, and starts communicating with Bob using that strong key.

Eve sees all 1024 encrypted keys, but does not know which one Bob picked,
so Eve has to crack on average 500 of them before she finds the one Bob
picked.  Assuming Eve has only similar compute power to Bob and Alice, Eve
will most likely be kept out of the conversation for the time it takes to
do 500,000,000 decryption attempts, probably hours or days.

This scheme is the first publicly known public key cryptography, though the
NSA claims they invented it first.  The student invented public key crypto
for an undergrad class project.  It eventually revolutionized the entire
field.

The professor rejected the student's proposal, saying, "That's not how
crypto is done."  The student was so upset that he dropped the class and
forgot about crypto entirely until he was in grad school at Stanford.  That
student was Ralph Merkle, and his invention is called Merkle Puzzles
<https://en.wikipedia.org/wiki/Merkle's_Puzzles>.  He's credited as the
inventor of public key cryptography, among several other incredible
inventions.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170208/f5fcadf0/attachment.html>