Bill Stewart (bill.stewart@pobox.com)
Tue, 28 Jul 1998 23:01:28 -0700
At 11:12 AM 7/28/98 +0100, Mok-Kong Shen wrote:
>An ideal crypto algorithm should be easily understandable by the
>average person (i.e. not exclusively by the experts) and with all
>design principles clearly and fully laid open.
>DES is certainly not such a one.
That's not realistic; understanding why algorithms are strong
(as opposed to merely understanding how to implement them well)
requires more mathematics than the average technical college graduate has.
Most engineers know calculus quite well, and some differential equations,
but haven't spent any time doing group theory, or even much number theory,
and you can't do much crypto without them - and elliptic curves
are much hairier than basic RSA. And even among experts,
it took about 20 years before differential cryptanalysis was
rediscovered in public, though Coppersmith asserts they
knew about it at the time and just kept it quiet.
And designing good S-boxes for the algorithms that use them is a black art;
can you really tell if the "selected values at random and discarded bad ones"
that some algorithms use is honest, or if the dice were loaded,
and the designers really took a trapdoor-equipped system and
reverse-engineered a plausible path for the randomness feeding it?
Rivest's MD5 work avoids some of this by starting with a
well-known number (was it pi or e?) and using it as a source of digits.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
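As an added worked check (example code written for this archive page; it is not from Bill's message, from RFC 1321 or from any MD5 implementation): RFC 1321 derives MD5's 64 additive constants from the sine function rather than from pi or e, as T[i] = floor(2^32 * |sin(i)|) for i = 1..64 with i in radians. That recipe is the point of a "nothing up my sleeve" constant: anyone can regenerate the table and confirm the standard hash really uses it, which is the audit the "loaded dice" question above asks for. The block rebuilds the table, runs a minimal MD5 on it, and compares against the platform's hashlib as an oracle. The names sine_constants, md5 and matches_reference are chosen here.

```python
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF


def sine_constants():
    """Regenerate MD5's additive constants T[1..64] from the RFC 1321 recipe:
    T[i] = floor(2^32 * |sin(i)|), i in radians. Index 0 of the list is T[1]."""
    return [int(abs(math.sin(i)) * 2**32) & MASK32 for i in range(1, 65)]


# Per-round left-rotation amounts, as listed in RFC 1321.
SHIFTS = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4
          + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def md5(data, T=None):
    """Minimal MD5 built on whatever constant table is supplied.
    Defaults to the table regenerated from sine, so a matching digest shows
    the published constants really are the ones the recipe produces."""
    if T is None:
        T = sine_constants()
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476

    # Padding: a single 1 bit, zeros to 56 mod 64, then the bit length (LE).
    msg = bytearray(data)
    msg.append(0x80)
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)

    for off in range(0, len(msg), 64):
        M = struct.unpack("<16I", msg[off:off + 64])
        A, B, C, D = a0, b0, c0, d0
        for i in range(64):
            if i < 16:
                F, g = (B & C) | (~B & D), i
            elif i < 32:
                F, g = (D & B) | (~D & C), (5 * i + 1) % 16
            elif i < 48:
                F, g = B ^ C ^ D, (3 * i + 5) % 16
            else:
                F, g = C ^ (B | ~D), (7 * i) % 16
            # T[i] is the sine-derived constant for this step.
            F = (F + A + T[i] + M[g]) & MASK32
            A, D, C, B = D, C, B, (B + _rotl(F, SHIFTS[i])) & MASK32
        a0 = (a0 + A) & MASK32
        b0 = (b0 + B) & MASK32
        c0 = (c0 + C) & MASK32
        d0 = (d0 + D) & MASK32
    return struct.pack("<4I", a0, b0, c0, d0)


def matches_reference(data):
    """True when MD5 on the regenerated constants agrees with hashlib's MD5."""
    return md5(data) == hashlib.md5(data).digest()


if __name__ == "__main__":
    T = sine_constants()
    print("T[1] = %08x  T[64] = %08x" % (T[0], T[63]))
    # Constructed sample inputs, including a multi-block one.
    for sample in (b"", b"abc", b"The quick brown fox jumps over the lazy dog",
                   bytes(range(256)) * 3):
        print(repr(sample[:24]), matches_reference(sample))
```

The check only establishes that the published table matches the published recipe; it cannot show that the recipe itself wasn't chosen after the fact, which is the part of the worry no amount of recomputation settles.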
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:21:01 ADT