John Kelsey (kelsey@plnet.net)
Fri, 17 Jul 1998 05:01:37 -0500
> From: Michael Paul Johnson <mpj@csn.net>
> To: CodherPlunks@toad.com
> Subject: Cipher aging (was: linux kernel loopkack encryption)
> Date: Thursday, July 16, 1998 8:43 PM
> We sort of agree. Age doesn't increase the strength of any cipher,
but
> review and public scrutiny do increase our knowledge of how strong
the
> cipher is. This is, indeed, very valuable. On the other hand, there
must be
> some value to keeping ciphers classified or our own government and
some
> companies wouldn't do so.
NSA has at least three reasons to keep their algorithms a secret:
1. It's harder to cryptanalyze what you don't know.
2. They don't want to give algorithms they can't break to outsiders.
3. They don't want to leak information about cryptanalytic
techniques
or cipher design techniques to outsiders.
Companies may want to avoid interoprability and slow down reverse
engineering
efforts. However, very few companies have the kind of in-house
talent and resources
required to design their own strong algorithms, so generally,
proprietary algorithms
are pretty lame.
> For the rest of us, though, who don't have a staff of
> paid cryptanalysts working for us, let the algorithms be published
and
> studied seriously for a while by anyone who wants to... but I'll
keep my
> keys secret, thank you.
Yes. There are various ways to keep parts of the cipher
specification secret while
still getting basically the same security. The CAST family of
ciphers does this with
the S-boxes, giving a set of guidelines for generating acceptable
S-boxes. We did
something related to this with Twofish (allowing for family keys).
To some extent, all
ciphers with key-dependent S-boxes, permutations, etc., have this
property, though
sometimes it ends up not adding much security.
> Michael Paul Johnson
> mpj@ebible.org http://ebible.org http://cryptography.org
> PO BOX 1151, Longmont CO 80502-1151, USA Jesus Christ is Lord!
--John Kelsey, kelsey@counterpane.com / kelsey@plnet.net
NEW PGP print = 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:32 ADT