From: Mok-Kong Shen on 5 Jan 2010 09:04

amzoti wrote:
[snip]
> Most stuff on the market today should be called privacy - because it
> is certainly not security.

An average common user is certainly not in a position to know the "real"
quality of a security software. He has no choice but to rely on the
reputation of the producer and assume that nobody (e.g. at the shop)
has done any malicious manipulation on the particular piece he
acquires. BTW, the same is with OS. In the days of Intel's 8080/8086,
the OS was on a large plastic disk and many, who knew the assembler,
could read the entire OS of a PC much like reading a novel. Now with
Windows, where there are such things as automatic connection with
remote sites to download updates and their automatic installation and
with the myriad of viruses, trojans (some such are rumored to even stem
from official sides) etc., the real experts, who know what "exactly"
happens on their computer, are rare, unfortunately.

M. K. Shen

From: Mok-Kong Shen on 5 Jan 2010 09:09

Joseph Ashwood:
> "Mok-Kong Shen" wrote:
>> Kerckhoffs' principle requires that one makes use of publicly-known
>> algorithms, if I don't err.
>
> You do err, in the same way that most err in the application of
> Kerckhoffs. Kerckhoffs' principle in question is that the level of
> security is not affected by publication. In practice this means we
> publish our algorithms so that others can catch our mistakes, the
> publication does not affect the security but it does improve our
> understanding of the security and so affects our usage and improves our
> security in practice. It is always important to realize that publication
> does not make something secure, just as lack of publication does not
> make something secure.

So it does mean: (1) if one has one's own algorithm, one should publish
it (in order not to have the disadvantage of errors undetected), (2) if
one takes an algorithm from others, one should only take one that is
publicly-known. Taking both these together, it amounts to the same as I
wrote above in my humble view.

> To answer your further question, you'll want to take a look at "Cascade
> Ciphers: The Importance of Being First" basically the combined system
> will be at least as secure as the first cipher used.

Even and Goldreich wrote in a paper that a cascade of cipher A with
cipher B is at least as hard to crack as any of its stages individually.
It is a stronger result than what you quoted in my view. BTW, it seems
that, except for loss of universal compatibility, one could have
certain (key dependent) permutations of round keys of block ciphers
like AES without adverse effects.

Thanks,

M. K. Shen

From: unruh on 5 Jan 2010 13:05

On 2010-01-05, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
> amzoti wrote:
> [snip]
>> Most stuff on the market today should be called privacy - because it
>> is certainly not security.
>
> An average common user is certainly not in a position to know the "real"
> quality of a security software. He has no choice but to rely on the

That is why insisting on open source security products is important.
Even if you cannot examine the code, someone can, and can report on the
problems. It makes the manufacturer more careful as well.

> reputation of the producer and assume that nobody (e.g. at the shop)
> has done any malicious manipulation on the particular piece he

Bad assumption. You should be able to test it. Whether you do or not is
up to you, but you should be able to.

> acquires. BTW, the same is with OS. In the days of Intel's 8080/8086,
> the OS was on a large plastic disk and many, who knew the assembler,
> could read the entire OS of a PC much like reading a novel. Now with
> Windows, where there are such things as automatic connection with
> remote sites to download updates and their automatic installation and
> with the myriad of virus, trojans (some such are rumored to even stem
> from official sides) etc., the real experts, who knows what "exactly"
> happens on his computer, are rare, unfortunately.

Which again argues for open-source OS as well. If something suspicious
comes up you can check.

>
> M. K. Shen

From: unruh on 5 Jan 2010 13:14

On 2010-01-05, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
> Joseph Ashwood:
>> "Mok-Kong Shen" wrote:
>>> Kerckhoffs' principle requires that one makes use of publicly-known
>>> algorithms, if I don't err.
>>
>> You do err, in the same way that most err in the application of
>> Kerckhoffs. Kerckhoffs' principle in question is that the level of
>> security is not affected by publication. In practice this means we
>> publish our algorithms so that others can catch our mistakes, the
>> publication does not affect the security but it does improve our
>> understanding of the security and so affects our usage and improves our
>> security in practice. It is always important to realize that publication
>> does not make something secure, just as lack of publication does not
>> make something secure.
>
> So it does mean: (1) if one has one's own algorithm, one should publish
> it (in order not to have the disadvantage of errors undetected), (2) if
> one takes an algorithm from others, one should only take one that is

Yes, to both. However this is not Kerckhoffs' principle.

> publicly-known. Taking both these together, it amounts to the same as I
> wrote above in my humble view.

No.

>
>> To answer your further question, you'll want to take a look at "Cascade
>> Ciphers: The Importance of Being First" basically the combined system
>> will be at least as secure as the first cipher used.
>
> Even and Goldreich wrote in a paper that a cascade of cipher A with
> cipher B is at least as hard to crack as any of its stages individually.

While this may be true in general, it is not true always. Consider
cypher A as DES, and cypher B as DES inverse. The combination is clearly
far less secure than either individually.

> It is a stronger result than what you quoted in my view. BTW, it seems
> that, except for loss of universal compatibility, one could have
> certain (key dependent) permutations of round keys of block ciphers
> like AES without adverse effects.

One could, or one could weaken it. It depends on what you do. But you
should assume that your opponent knows what you did. I.e., it does not
strengthen the cypher even in the best of cases. And since your
knowledge of crypto is not as good as the people who designed AES, the
chances that you unknowingly weaken it are relatively high.

Secrecy of the cypher IS a form of security defense. But it should not
be relied on. If you use your cypher only with one other person, it may
be a very good defense. If you use it with hundreds, it is a bad
defense, because someone will leak the details to your opponent-- by
accident or design.

>
> Thanks,
>
> M. K. Shen

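The counterexample in the post above (cipher A followed by its own inverse as cipher B), as an added example that is not part of the original thread. It uses a constructed toy Feistel cipher in place of DES; the key values, sample plaintexts and function names are assumptions made for illustration. It also runs the cascade with two different stage keys, a case the post does not spell out, to show that the collapse happens when both stages share one key.

```python
import hashlib

ROUNDS = 8  # toy parameter, not taken from DES


def _f(key: bytes, rnd: int, half: int) -> int:
    # Round function: 16 bits of SHA-256(key || round || half).
    d = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(2, "big")).digest()
    return int.from_bytes(d[:2], "big")


def encrypt(key: bytes, block: int) -> int:
    # 32-bit block split into two 16-bit halves, classic Feistel rounds.
    left, right = block >> 16, block & 0xFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 16) | right


def decrypt(key: bytes, block: int) -> int:
    # Undo the rounds in reverse order.
    left, right = block >> 16, block & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 16) | right


def cascade(key_a: bytes, key_b: bytes, block: int) -> int:
    # Stage A is the toy cipher, stage B is its inverse, as in the post.
    return decrypt(key_b, encrypt(key_a, block))


def unchanged_fraction(key_a: bytes, key_b: bytes, samples) -> float:
    # Share of plaintexts that leave the cascade unmodified.
    return sum(cascade(key_a, key_b, p) == p for p in samples) / len(samples)


# Constructed sample plaintexts (200 distinct 32-bit values).
SAMPLES = [(i * 2654435761) & 0xFFFFFFFF for i in range(1, 201)]

if __name__ == "__main__":
    # Shared key: the cascade is the identity map, every plaintext leaks.
    print("same key:        ", unchanged_fraction(b"k1", b"k1", SAMPLES))
    # Separate keys: the output no longer equals the input.
    print("independent keys:", unchanged_fraction(b"k1", b"k2", SAMPLES))
```
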
From: Mok-Kong Shen on 5 Jan 2010 16:03

unruh wrote:
[snip]
> Which again argues for opensource OS as well. If something suspicious
> comes up you can check.

I doubt that an average normal user is in a position (has the knowledge
and time) to check that a file of an open-source OS he downloaded from
somewhere is absolutely ok, in the sense of free from manipulations.
Similarly, he can't know whether a piece of hardware he acquires is ok.
Of course, the probability of bugs should be negligible in general, but
it might not be exactly zero under some rather unusual contexts (e.g.
where one or one's organization is the target for manipulations for
some reasons), I would surmise.

M. K. Shen