From: Mok-Kong Shen on
Maaartin wrote:
> Mok-Kong Shen wrote:
>> Lest there be misunderstanding, I like to say that my
>> theme implies also that ideally all encryption algorithms
>> used will be simple ones, since the complexity is not
>> 'necessary'.
>
> You miss the point. Most people don't care about the complexity of an
> algorithm, most of them even have no clue what an algorithm is. And
> they won't understand it, be it your alg or AES or whatever.
>
> They don't care and they needn't. The majority of computer users is
> hardly capable of sending emails; if they get it preset so that it's
> PGP encrypted and they're smart enough not to give the password to
> everybody, everything's fine.
>
> I'd never use an encryption schema of yours or mine, simply because I
> don't need to. You can't make it more comfortable to use since it's
> nearly perfect. You can't make it more secure, since you can't hire
> dozens of cryptographers to analyze it. You can't make it noticeably
> faster since I don't notice the time it takes at all.

For people who don't care about crypto stuff, it is logically
entirely trivial that my post doesn't concern them at all, right? I
was arguing whether "in principle" an encryption algorithm should be as
simple as possible in some sense. (Just like whether a math deduction
should be in some sense neat and easy to comprehend, or what is implied
by Occam's Razor, etc.)

M. K. Shen
From: Maaartin on
On Jul 10, 4:41 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> For people who don't care about crypto stuff, it is logically
> entirely trivial that my post doesn't concern them at all, right?

Sure, but that's not what I meant.

> I
> was arguing whether "in principle" an encryption algorithm should be as
> simple as possible in some sense. (Just like whether a math deduction
> should be in some sense neat and easy to comprehend, or what is implied
> by Occam's Razor, etc.)

Sure, although such a simplicity would be rather of aesthetic value
only. Many existing crypto algorithms are quite simple, and I'd say
that Chacha-20, RC4 and RC6 are simpler than your proposal (but I
haven't read it very carefully). What's complicated is the crypto
theory.
From: Mok-Kong Shen on
Maaartin wrote:
> Mok-Kong Shen wrote:

>> I
>> was arguing whether "in principle" an encryption algorithm should be as
>> simple as possible in some sense. (Just like whether a math deduction
>> should be in some sense neat and easy to comprehend, or what is implied
>> by Occam's Razor, etc.)
>
> Sure, although such a simplicity would be rather of aesthetic value
> only. Many existing crypto algorithms are quite simple, and I'd say
> that Chacha-20, RC4 and RC6 are simpler than your proposal (but I
> haven't read it very carefully). What's complicated is the crypto
> theory.

I don't know Chacha-20 and can't say anything offhand but agree that RC4
is simple and nice. (If I were to criticize RC4, I would say that the
reason for the choice of the specific swapping used is not transparent.)
On the other hand, I'd consider RC6 more complicated in my sense.
Note that, in my proposal that was chosen for illustrating the principle
of simplicity, only matrices and polynomials are involved (I
'implicitly' assumed use of PRNGs based on polynomials) and that's
familiar even to the pupils in schools. Anyway let me place stress on
the principle advocated, which can be employed, if desired, in an
arbitrarily larger context than using any single algorithm, i.e.
multiple encryption with different simple algorithms (and the
repetition of that). To be particularly noted is also the "dynamics"
that is "implicitly" involved.

M. K. Shen
From: John Nagle on
On 7/9/2010 6:32 AM, Globemaker wrote:
> Here's an idea, use a stable website as keying material. Find a
> website that has a text story of about 20 kilobytes. The text must
> remain unchanged for years. Use that as a one-time pad (OTP) to XOR with
> the message. The message has a plaintext preamble that gives an offset
> number that defines which character is the beginning of the OTP. The
> preamble also gives the URL of the website.

Very bad idea. It's quite possible to recover two English
texts which have been XORed together.

A "one time pad" must be random (not pseudo-random, random),
and it must be used only once (not twice). Look up "Venona".

John Nagle

"No new cypher is worth looking at unless it comes from someone who
has already broken a very hard one" - Friedman
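Why two English texts XORed together leak, as an added illustration that is not part of the thread: with two constructed lowercase sample texts, every position where exactly one text has a space gives away the other text's letter, before any analysis of English structure is even attempted. (With punctuation or digits in the texts the rule below gains a few false positives; it is exact for lowercase letters and spaces.)

```python
# Constructed sample texts: same length, lowercase letters and spaces only.
M1 = b"the quick brown fox jumps over the lazy dog"
M2 = b"pad reuse leaks each space in the two texts"

def xor_bytes(a, b):
    """XOR two equal-length byte strings (the proposed scheme's 'encryption')."""
    return bytes(x ^ y for x, y in zip(a, b))

def space_leak(c):
    """Map positions of the XOR of two plaintexts to the letter they reveal.
    space (0x20) ^ lowercase letter = that letter in uppercase, while two
    lowercase letters XOR to a value below 0x20 and two spaces to 0. So for
    all-lowercase texts an alphabetic XOR byte means one text has a space
    there and the other has the letter c[i] ^ 0x20. No key is involved."""
    return {i: chr(b ^ 0x20) for i, b in enumerate(c) if b < 128 and chr(b).isalpha()}

def leak_is_correct(m1, m2, leaked):
    """Check every recovered letter against the two plaintexts."""
    return all(
        (m1[i] == 0x20 and chr(m2[i]) == ch) or (m2[i] == 0x20 and chr(m1[i]) == ch)
        for i, ch in leaked.items()
    )

if __name__ == "__main__":
    leaked = space_leak(xor_bytes(M1, M2))
    print(f"{len(leaked)} of {len(M1)} positions leak a plaintext letter with no key")
    print(leak_is_correct(M1, M2, leaked))
```

The same space-position trick is the first step of the two-texts recovery Nagle refers to; a pad that is not random and not single-use gives no protection against it.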
From: Mok-Kong Shen on
[Addendum] Concerning item (3) of my post I like to add for
completeness that one way of obtaining a sufficiently good PRNG
for the purpose of the present context is IMHO what I proposed in
the thread "A simple scheme of combining PRNGs" of 01.06.2010.
As to the use of the Hill matrix, if one uses a 4*4 matrix, there
are 16 (dynamically generated pseudo-random) elements corresponding
to the 4 elements each of plaintext and ciphertext elements. There
is thus here alone a very high degree of indeterminacy that thwarts
the analysis. Note also that the assumed availability of a PRNG
enables one to employ, if desired, some simple means of multiple
encryption (i.e. in addition to the Hill matrix), e.g. XORing with
the PRNG output, bit rotation in words and permutation of words in
a larger block of words.

M. K. Shen
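An added Python sketch, not the poster's own code, of the construction described above: a 4*4 Hill matrix whose 16 elements are drawn from a PRNG for each block, followed by the XOR-with-PRNG-output layer. It assumes byte elements (arithmetic mod 256) and uses random.Random as a stand-in for the proposed PRNG (a Mersenne Twister, not a cryptographic generator). The check it adds is one the post leaves implicit: a PRNG-drawn matrix is invertible over Z_256 only when its determinant is odd, which holds for roughly 30% of random 4*4 matrices, so both sides must skip the singular draws in lockstep or decryption fails.

```python
import random
MOD = 256  # assumption: plaintext and ciphertext elements are bytes

def matrix_from_prng(rng, n=4):
    """Fill an n*n Hill matrix from the PRNG stream (16 elements for n=4)."""
    return [[rng.randrange(MOD) for _ in range(n)] for _ in range(n)]

def inverse_mod(m):
    """Gauss-Jordan over Z_256. Returns None when m is singular: a matrix is
    invertible mod 2^k iff its determinant is odd, so every column needs an odd pivot."""
    n = len(m)
    a = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for c in range(n):
        p = next((r for r in range(c, n) if a[r][c] % 2), None)
        if p is None:
            return None
        a[c], a[p] = a[p], a[c]
        inv = pow(a[c][c], -1, MOD)
        a[c] = [(x * inv) % MOD for x in a[c]]
        for r in range(n):
            if r != c and a[r][c]:
                f = a[r][c]
                a[r] = [(x - f * y) % MOD for x, y in zip(a[r], a[c])]
    return [row[n:] for row in a]

def mat_vec(m, v):
    return [sum(x * y for x, y in zip(row, v)) % MOD for row in m]

def block_keys(rng, n=4):
    """Per-block key material, drawn in the same order by both sides: matrices
    until an invertible one appears, then n mask bytes for the XOR layer."""
    while True:
        m = matrix_from_prng(rng, n)
        inv = inverse_mod(m)
        if inv is not None:
            return m, inv, [rng.randrange(MOD) for _ in range(n)]

def encrypt(data, seed):
    # random.Random stands in for the post's PRNG; it is not cryptographic.
    rng, out = random.Random(seed), bytearray()
    for i in range(0, len(data), 4):  # assumes len(data) is a multiple of 4
        m, _, mask = block_keys(rng)
        out.extend(c ^ k for c, k in zip(mat_vec(m, data[i:i + 4]), mask))
    return bytes(out)

def decrypt(data, seed):
    rng, out = random.Random(seed), bytearray()
    for i in range(0, len(data), 4):
        _, inv, mask = block_keys(rng)
        out.extend(mat_vec(inv, [c ^ k for c, k in zip(data[i:i + 4], mask)]))
    return bytes(out)
```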