Comments

Nick P • March 11, 2010 1:24 PM

@ Bruce

No mention of whether the more detailed stuff is any good or not? Like, their discussion of designing & breaking them. What do you think at first glance?

@ Phillip

A wiki? I just love that. I think I'm going to do an edit on the wonders of escrowed encryption, particularly a "provably secure" cipher called Skipjack that the US government "encourages" as a "replacement" for AES. Actually, I figure that would get pulled quickly, but other subtle (intentional) errors might last longer.

J.D. • March 11, 2010 2:28 PM

Seems pretty bare bones at the moment. Someone made a good start on the "mathematical background" section (though there is far more to cover). But the "basic design principles" section is hardly enough to cover a napkin.

Also, I am sensing an incipient "cipher"/"cypher" wiki-war....

Clive Robinson • March 11, 2010 2:53 PM

@ Nick P,

"but other subtle (intentional) errors might last longer."

If you think about it they don't need to be intentional or subtle, or for that matter errors in the here and now.

John von Neumann made the comment about deterministic systems for random sequences and "living in a state of sin".

Yet we now consider that deterministic systems (AES + Counter) are probably the best way for generating very large numbers of "random numbers" with no (realistically) detectable sequence...

And Adam Young and Moti Yung have gone on about kleptography, which shows us how a "secret key" can be hidden in a Public Key to reveal the Private key...

All of which suggests we have eaten the "Eat me Pill" and have followed "the white rabbit" and further do not see a reflection when we look through the looking glass...

GL • March 11, 2010 4:54 PM

As always these efforts depend on the people that contribute but more importantly people that supervise. Is there any way to get someone like Bruce or other well-known people to moderate this to ensure the quality?

Nick P • March 11, 2010 5:22 PM

@ Clive Robinson

You may very well be right, but I can't comment too much here: much of the math & theory behind crypto primitives is over my head. I wouldn't pretend to know what I was talking about. ;) I hadn't heard about kleptography, though. Must look into it. Tks for the mention.

@ GL

Sounds like a good idea. If it's hard to get well-known figures, then I'd suggest they try to get college cryptography students to try it. Those that have been taught the material can be encouraged to submit or moderate, with a record kept of contributions. They could use this as kind of an early resume while contributing to the community at the same time. The odds seem better than getting a well-known pundit to do it, esp. one who makes money selling books on the subject. What do you think, GL?

Clive Robinson • March 12, 2010 1:00 AM

@ Nick P,

"much of the math & theory behind crypto primitives is over my head. I wouldn't pretend to know what I was talking about."

That's probably true for Oh let's say 99.999...% of the people building crypto systems.

It is actually an "engineering subject" these days just like building big bridges or complex computer systems.

People forget that engineering is where science meets art for the practicalities of life.

As a general rule of thumb "a technically ugly machine" is likely to have design problems...

Perhaps oddly the same rule of thumb applies to other systems (including maths and logic) thus if it looks ugly to the mind's eye it probably has nasty little gnarly bits that hide weaknesses.

And there may well be a reason for this "... eye of the beholder" issue. Simple elegant structures that cleanly sweep and flow are easier to see in the mind, and thus you can see more of them.

Tell you what I'll have a little side bet on the side on the current NIST "Hash competition". If you produce a pictorial representation of the logic and flow of the candidates, those that look ugly have either already gone or are on their way out...

Yes it's an apparently "emotional view point" but simplicity and elegance are what drives us at a very very fundamental level in our brains and it clouds our judgment.

If you want to sell something to some one pick a way of making a picture with it that makes it look elegant and desirable...

Oh and getting back to the maths... we've had this conversation before about some bloke called Goedel, so "sometimes you have to go with the flow" instead 8)

Clive Robinson • March 12, 2010 1:18 AM

@ J.D.,

'Also, I am sensing an incipient "cipher"/"cypher" wiki-war....'

There is an underlying reason for this and it goes back oh ....

It is like the song,

"You say patatoe I say potato,

You say tamatoe I say tomato,

Tamatoe tomato
Potato patatoe

Let's call the whole thing off..."

There are a couple of other words that are going to cause problems.

"Decrypt" and "nonce"

The first in some languages "encrypt / decrypt" have the same meaning as "inhume / exhume" thus Decrypt effectively means to "grave rob" and that has very very strong emotional content in some places.

Likewise "nonce" meaning "Number used ONCE" in cryptography has a whole different meaning in the UK where it is a "slang word" for a man that preys on children. Which likewise produces strong emotion...

GuS • March 12, 2010 1:56 AM

@ Clive,

Very interesting thoughts. Thanks.

As always, one has to adapt to the context at hand. We all do so in the spoken language.

If I was to use the word 'decrypt' while being in a religious context, I would be much surprised if someone answered "pgp", "GnuPG" or "twofish".

When in a data security related context, talking about encryption schemes and the underlying maths (I wouldn't be able to do that myself :-), we would be very surprised if someone was to answer something about graves and corpses.

When we speak, we make an assumption that the listener will apply what we tend to think of as common sense and correctly interpret what we say by putting it in the right context and also to correctly interpret what we say if we express ourselves in a way that could be interpreted in more than one way. This is one important thing that distinguishes us from computers.

It all boils down to the Good Will of the listener to either understand or deliberately misunderstand.

The same goes (or should go) for written communication, like in a book.

When somebody reads and participates in a community driven Web site about data encryption and chooses to misunderstand the word 'decrypt' as something to do with grave robbing, then s/he only shows a proof of bad will. (IMNSHO)

GuS

Winter • March 12, 2010 2:00 AM

@Clive Robinson:
"Yes it's an apparently "emotional view point" but simplicity and elegance are what drives us at a very very fundamental level in our brains and it clouds our judgment."

Why elegance is good and ugliness is bad.

Quite simple. If you look at an elegant system, you "understand" it. This is about symmetry and predictability. You immediately see that all parts work together.

Ugly things are, generally, asymmetric and unpredictable. You have to check every part and connection to understand what is in there.

It is quite obvious that you will catch errors much, much easier in elegant systems than in ugly systems. Even if an ugly system would be the right choice, it would be much harder to get it right.

Btw, the biological background of our sense of beauty is that disease, parasites, and birth defects all tend to result in asymmetric body proportions. Strength and health go symmetric. [fill in other biological steps].

Moreover, symmetry is much easier to understand. [fill in Kolmogorov complexity]

Winter

Clive Robinson • March 12, 2010 3:06 AM

Having had a quick look at it over a cup of coffee this morning I notice there are some errors in there...

Some of them are a matter of well known historic knowledge, which makes me think some of the writers need to brush up a bit on their reference searches etc.

Ho hum as Bruce knows these things happen so I might drop them a note or fifteen...

GreenSquirrel • March 12, 2010 3:51 AM

Like all wikis it will only survive if people who know what they are doing get interested.

If you are a crypto expert (I am pretty much as far in the opposite direction as possible) then you can either help them - and edit the wiki - or mock their mistakes.

I have no emotional investment in this so I see either option as valid.

yt • March 12, 2010 6:04 AM

I am very excited about this. I don't really have much to contribute, except maybe grammatical pedantry, but I'm very interested to see how the wiki develops. It's sort of like a real-life version of the Cryptonomicon.

BF Skinner • March 12, 2010 7:29 AM

@Clive "There are a couple of other words that are going to cause problems."

Of my favorite non-word "zeroize"

@yt "...grammatical pedantry..."
Don't demean it. I hired a developer whose best day was when he found out he didn't have to document anything beyond his code. Win-win we got good code AND good documentation.

A good tech writer is a thing of joy.

Alan Kaminsky • March 12, 2010 7:39 AM

@GL

"As always these efforts depend on the people that contribute but more importantly people that supervise. Is there any way to get someone like Bruce or other well-known people to moderate this to ensure the quality?"

Try Scholarpedia. There's a vote to determine who should curate the cryptography article, Ron Rivest or our own Bruce Schneier. Or add your own candidate.

http://www.scholarpedia.org/article/Cryptography

yt • March 12, 2010 8:40 AM

@BF Skinner: I completely agree. Technical writing is what I do for a living. Nice to see someone else out there appreciates it.

BF Skinner • March 12, 2010 10:47 AM

@yt "appreciates it"
No worries. My first experience in a matrix team taught me the value of a good tech writer. We turned around a complete complex system certification from planning through test and authorization in no time 'cause of the writer.

Course that experience gave me a shiny new strategic target in all organizations I've penetrated since then. While everyone in a team knows their deliverables and the PM knows the process flow...the Tech writer has their hands on the comprehensive view. They know where everyone is and what they are doing.

decrypting nonce • March 12, 2010 11:35 AM

@ GuS
If I was to use the word 'decrypt' while being in a religious context, I would be much surprised if someone answered "pgp", "GnuPG" or "twofish".

How about the miracle of the fiveloaves and twofish?
http://en.wikipedia.org/wiki/...

J.D. • March 12, 2010 11:55 AM

@Clive,
"As a general rule of thumb "a technically ugly machine" is likely to have design problems...

Perhaps oddly the same rule of thumb applies to other systems (including maths and logic) thus if it looks ugly to the mind's eye it probably has nasty little gnarly bits that hide weaknesses.

And there may well be a reason for this "... eye of the beholder" issue. Simple elegant structures that cleanly sweep and flow are easier to see in the mind, and thus you can see more of them."
_____________
I wonder if this is why MARS got so few votes during the 2nd round of AES. Maybe this is just my impression, but there is something kludgy and inelegant about that cipher, especially the E function of the core rounds, and the key schedule...

Nick P • March 14, 2010 10:26 PM

@ J.D.

"I wonder if this is why MARS got so few votes during the 2nd round of AES... there is something kludgy and inelegant about that cipher..."

Probably. When teaching aspiring security engineers, I try to ingrain in them that "tried and true is better than novel and new." The point is that clever, new tricks might hide unforeseen problems. With the old stuff, we usually know its weaknesses & how to work around them. So, we have a bunch of ciphers that build off of accepted techniques and then this clever, fancy cipher from IBM. In theory, MARS can have a much higher security margin than the others, but in practice I prefer something easy to analyze. I just feel safer that way. So, MARS didn't get my vote: Serpent did.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.