Date: Fri, 7 May 93 11:43:56 EDT
From: Jerry Leichter <leichter@LRW.COM>
Subject: File 3--Cryptography and Mythology

In a recent issue of Cud, Mike Godwin presented a series of
interesting arguments concerning the Clipper initiative and the
Constitution. Before he even got to those arguments, however, he
mentions in passing a few issues that have been brought up repeatedly.
I'd like to deal with one in particular. Mr. Godwin writes:

> 2. Refusal to allow public scrutiny of the chosen
> encryption algorithm(s), which is the normal procedure
> for testing a cryptographic scheme, and

I've seen this argument in various guises and in many different
forums, from the most ill-informed flames in Usenet newsgroups to
statements by the EFF and industry groups. What I find fascinating is
the way that a claim like this can come to be believed, when in fact
it has NO basis in reality.

Until quite recently, almost all cryptography in the world was carried
out by the defense establishments and foreign services of the world's
governments. The systems they used, and the systems they continue to
use to this day, were NEVER subject to public scrutiny. The NSA
continues to attempt to keep under tight secrecy all information about
their cryptographic work, including information about systems and
techniques that were used 40 and more years ago. Despite their
general success in this regard, as far as I can tell more information
has been published about NSA systems and techniques than those of any
other country (with the possible exception of Britain, if you believe
what Peter Wright has to say in Spycatcher) - and some of what has
been published about the techniques of others has probably come through
NSA sources.

What little private cryptography existed was based on modifications of
older military cryptosystems - e.g., the famous Hagelin machines,
based on modifications of World War II technology. The security of
these machines was never "subject to public scrutiny", and in fact we
now know that they were long ago broken by the cryptanalytic services
of the world's major powers.

Today, I think it's safe to say that the majority of encrypted
communication is still carried out by the same organizations, using
systems whose inner workings remain secret and definitely not subject
to public scrutiny.

Of the remaining encrypted communication, ignoring the many trivial
algorithms in use, the bulk of significant encrypted traffic is almost
certainly based on DES. While the DES algorithm is public, the design
choices behind it remain secret to this day. It took Shamir's
re-discovery of differential cryptography to justify the choice of the
P boxes and the number of rounds in DES. To the shock of conspiracy
theorists, differential cryptography ended up showing that DES was as
strong with respect to this important class of attacks as any system
of its size could be. What has gone unmentioned is that we STILL
don't have a definitive statement as to the design principles behind
DES: It took 15 years to re-discover differential cryptography.
Might there be another, different attack that no one in the outside
world has found yet? We don't know: The most widely used public
cryptographic system is subject to only a limited degree of public
scrutiny.

If you watch the appropriate Usenet newsgroups, you'll get the
impression that "everyone" is using PGP. In fact, not only is the
total message traffic encrypted using PGP or related systems
insignificant outside of this rather rarefied atmosphere, but it's
worth pointing out that the PGP itself is based on IDEA (or is it
FEAL?), a cryptosystem in the same class as DES - a class of
cryptosystems that it is not at all clear is thoroughly understood in
the research community. (Shamir's work demolished several related
systems that had been seriously proposed. IDEA IS secure - against
this class of attack.)

Where, then, are we to find a "normal procedure for testing a
cryptographic scheme" that involves "public scrutiny of the chosen
encryption algorithm(s)"? "Public scrutiny" in the sense the term is
being used here is very much at the center of academic life. It is
NOT at the center of almost anything else in the world. It's hard to
find a single product that we use on a day-to-day basis that has been
subject to "public scrutiny" in this sense. Important details of
design and manufacture of products are trade secrets. GM won't tell
you the algorithms used in the chips that control your new car's
engine. Coca Cola won't tell you what goes into their "secret
formula".

Most of the world is not academia, and does not share academia's value
system. The "normal procedure for testing cryptographic scheme(s)"
does not exist, and has NEVER existed. What has existed is the
"normal procedure for testing results presented for academic
publication", which has been applied, quite properly, to academic work
on cryptography. This is quite a different thing.