Ping: David Scott "biject" regarding behavior of...

Kristian Gjøsteen...
Posted: Sun Jul 13, 2008 10:18 pm

<fortune.bruce at (no spam) gmail.com> wrote:
> So it is highly unlikely the PP guys are doing that, right?

They either have a one-time pad or they are doing something wrong.
No matter, the software is not interesting, nor is the prize, nor is
the company.
--
Kristian Gjøsteen

Greg Rose...
Posted: Mon Jul 14, 2008 8:10 am

In article <x6Odne8MBt5Q9-fVnZ2dnUVZ_uCdnZ2d at (no spam) supernews.com>,
David Eather <eather at (no spam) tpg.com.au> wrote:
> Quadibloc wrote:
>> On Jul 13, 1:13 pm, g... at (no spam) nope.ucsd.edu (Greg Rose) wrote:
>>> The real
>>> question is, if it is a hybrid including AES, why
>>> is it any better than AES itself?
>>
>> The item linked to seems to claim that it also includes a one-time-
>> pad, since if you brute-force the key, you will get *every possible*
>> plaintext.
>> If it really includes a real one-time-pad, and not one that is faked
>> using a stream cipher with a short key, then their claims would be
>> true - and, instead of selling insecure snake oil, they would _merely_
>> be selling something that had a problem because it was impractical.
>> John Savard
>
> Perhaps they mean the key-space is large enough so that every possible
> permutation is a possibility? A key of more than 706-bits might fit that
> bill for a block cipher size of 128-bits.

Ummm, nope. Being a 128-bit block cipher, there
are (2^128)! possible permutations of the possible
128-bit values. Since you can sort them (at least
conceptually), you can specify every possible
128-bit block cipher by its position in that list,
using a number with log_2((2^128)!) bits.

Now you can approximate that with Stirling's
formula, which says (ignoring some constants):

    log n! ~= n log n - n + 1

So the number of *bits* in the number selecting
one of those permutations is about 128 * 2^128, or
2^135 bits in the key!

I don't know where you got the 706 above from, but
you're out by ummm... a few orders of magnitude.

Greg.
--
Greg Rose
232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Qualcomm Australia: http://www.qualcomm.com.au

David Eather...
Posted: Mon Jul 14, 2008 3:41 pm

David Eather wrote:
> Quadibloc wrote:
>> On Jul 13, 1:13 pm, g... at (no spam) nope.ucsd.edu (Greg Rose) wrote:
>>> The real
>>> question is, if it is a hybrid including AES, why
>>> is it any better than AES itself?
>>
>> The item linked to seems to claim that it also includes a one-time-
>> pad, since if you brute-force the key, you will get *every possible*
>> plaintext.
>> If it really includes a real one-time-pad, and not one that is faked
>> using a stream cipher with a short key, then their claims would be
>> true - and, instead of selling insecure snake oil, they would _merely_
>> be selling something that had a problem because it was impractical.
>> John Savard
>
> Perhaps they mean the key-space is large enough so that every possible
> permutation is a possibility? A key of more than 706-bits might fit that
> bill for a block cipher size of 128-bits.

Oops - seems I went wrong in a calculation. Please ignore 706. There
are 2^*716* permutations of 128 objects - which is still incorrect.
Thanks KG, GR (and FB) for correction.
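
Added example, not part of any post in this thread: the two counts discussed above, 128! (permutations of 128 objects) and (2^128)! (permutations of all 128-bit block values), computed in Python and checked against exact factorials for small block sizes. The function names are this example's own.

```python
import math

def log2_factorial(n: int) -> float:
    """log2(n!) via log-gamma: bits needed to index one of n! orderings."""
    return math.lgamma(n + 1) / math.log(2)

def stirling_log2_factorial(n: int) -> float:
    """Stirling's approximation in base 2, keeping the 0.5*log2(2*pi*n) term."""
    return (n * math.log2(n) - n * math.log2(math.e)
            + 0.5 * math.log2(2 * math.pi * n))

def key_bits_for_all_permutations(block_bits: int) -> float:
    """Key length in bits so that every permutation of the 2^block_bits
    block values is selectable, i.e. log2((2^block_bits)!)."""
    return log2_factorial(2 ** block_bits)

if __name__ == "__main__":
    # Small block sizes, where (2^b)! can still be computed exactly.
    for b in (2, 3, 4, 8):
        exact = math.log2(math.factorial(2 ** b))
        print(f"{b}-bit block: exact {exact:.3f} bits, "
              f"lgamma {key_bits_for_all_permutations(b):.3f}, "
              f"Stirling {stirling_log2_factorial(2 ** b):.3f}")

    # Permutations of 128 objects (for example, the 128 bit positions).
    print(f"log2(128!)     = {log2_factorial(128):.2f} bits")

    # Permutations of all 2^128 block values: the key length is itself
    # an astronomically large number, so print its base-2 logarithm.
    bits = key_bits_for_all_permutations(128)
    print(f"log2((2^128)!) = 2^{math.log2(bits):.2f} bits")
```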

Greg Rose...
Posted: Tue Jul 22, 2008 12:00 am

Further to this, Peter Schweitzer just posted the following to a
mailing list. I am posting it here without permission, because I
think it is self-evident that he wouldn't mind.

Greg.

Peter Schweitzer at 2008/07/21 8:28 wrote:

A recent press release about a new cryptographic product, "Permanent
Privacy" (P.P.), mentioning my name, has led to a slew of
dramatically mistaken reports. Corrections: I have never had a
cryptography-related connection to Harvard. I had nothing to do with
the press release.

Concerning my alleged support for the claim that P.P. provides
"...the world's first practical data encryption system that is
absolutely unbreakable.":

Its "practical" versions are not "absolutely unbreakable", as I tried
hard to convince them. The only claim I ever supported was that if
the additive stream cipher that is one component of P.P. consists of
a properly managed 'One-Time-Pad', it (obviously) provides
unbreakable encryption.

Peter Schweitzer
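
Added example, not part of any post in this thread and not the product's algorithm: it contrasts a true one-time pad, where every same-length plaintext is consistent with the ciphertext, with a pad "faked" from a short key, where trying all keys leaves only the real message. The 16-bit key, the SHA-256 keystream construction and the sample messages are assumptions made for illustration.

```python
import hashlib
import secrets

ALPHABET = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ ")
MSG = b"MEET AT NOON"   # constructed sample plaintext
ALT = b"STAY AT HOME"   # constructed alternative of the same length

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def short_key_pad(key: int, length: int) -> bytes:
    """Toy 'fake pad': keystream expanded from a 16-bit key with SHA-256."""
    out, counter = b"", 0
    while len(out) < length:
        block = key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """For a true one-time pad, the pad under which `ciphertext`
    decrypts to `candidate`. One exists for every candidate."""
    return xor(ciphertext, candidate)

def brute_force_short_key(ciphertext: bytes) -> set:
    """All plaintexts reachable by trying each of the 2^16 short keys."""
    n = len(ciphertext)
    return {xor(ciphertext, short_key_pad(k, n)) for k in range(2 ** 16)}

def plausible(candidates) -> list:
    """Candidates made only of upper-case letters and spaces."""
    return sorted(c for c in candidates if set(c) <= ALPHABET)

if __name__ == "__main__":
    # True one-time pad: the ciphertext is consistent with MSG and with ALT.
    otp_ct = xor(MSG, secrets.token_bytes(len(MSG)))
    for guess in (MSG, ALT):
        pad = pad_explaining(otp_ct, guess)
        print("OTP:", guess, "<- pad", pad.hex())

    # Short-key pad: at most 2^16 of the 256^12 plaintexts are reachable.
    fake_ct = xor(MSG, short_key_pad(0x2A17, len(MSG)))
    candidates = brute_force_short_key(fake_ct)
    print("short key:", len(candidates), "candidates,",
          "plausible:", plausible(candidates))
```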

John E. Hadstate...
Posted: Wed Jul 23, 2008 4:40 am

"Greg Rose" <ggr at (no spam) qualcomm.com> wrote in message
news:89a40fc1-f299-4e49-a504-66405a506e5c at (no spam) 2g2000hsn.googlegroups.com...
> Peter Schweitzer at 2008/07/21 8:28 wrote:

[Edited]

>> A recent press release about a new cryptographic product,
>> "Permanent Privacy" (P.P.), mentioning my name, has led to a slew of
>> dramatically mistaken reports.
>>
>> Concerning my alleged support for the claim that P.P. provides
>> "...the world's first practical data encryption system that is
>> absolutely unbreakable.":
>>
>> Its "practical" versions are not "absolutely unbreakable", as I tried
>> hard to convince them.
>>
>> Peter Schweitzer

Looks like Schneier gets another dog for his doghouse. Thanks
for posting.
All times are GMT - 5 Hours