From: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
Date: Mon, 7 Mar 94 00:41:15 PST
To: Eli Brandt <ebrandt@jarthur.cs.hmc.edu>
Subject: Re: Standard for SteGAnography
In-Reply-To: <9403050859.AA13734@toad.com>
Message-ID: <Pine.3.89.9403070307.D1315-0100000@delbruck.pharm.sunysb.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 5 Mar 1994, Eli Brandt wrote:
 
> My point is, invulnerability to *what attack*?  An attacker may know
> the algorithm, or not; may have known plaintext; may be able to
> choose plaintext; may be able to read a channel, or to garble it, or
> to change it; may have limited or unlimited space and time; might be
> able to factor in polynomial time -- there are a lot of parameters
> here.  And it makes no sense at all to say, "Well, let's just
> consider the strongest possible attack."
> 
>    Eli

My original response was concerning an algorithm "good enough to withstand 
an opponent who has full documentation of your algorithms and methods lots 
of funds, and everything except your keys."

That opponent may, concievably, be the NSA or another person/organisation 
with access to similar resources.  The consensus seems to point to such 
an opponent as being one who could mount the "strongest possible attack".

It may not be practical to consider such a general danger when designing 
particular encryption schemes; but, it is likewise impractical to make 
sweeping generalizations concerning a given scheme's invulnerability.


Sergey