From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: fd1a4386511db69cda6cbb83f61542c71bf483517071836b2559c136a83a9683
Message ID: <9404171607.AA29599@ah.com>
Reply To: <m0psVbk-00042fC@wet.uucp>
UTC Datetime: 1994-04-17 16:15:19 UTC
Raw Date: Sun, 17 Apr 94 09:15:19 PDT
From: hughes@ah.com (Eric Hughes)
Date: Sun, 17 Apr 94 09:15:19 PDT
To: cypherpunks@toad.com
Subject: If however Dolphin Encrypt was extremely strong ...
In-Reply-To: <m0psVbk-00042fC@wet.uucp>
Message-ID: <9404171607.AA29599@ah.com>
MIME-Version: 1.0
Content-Type: text/plain
I repeat my advice: Don't use Dolphin Encrypt if you want secrecy. If
you want something that will provide short term security against
unsophisticated opponents, it's probably fine.
For why I think this, read on.
>>>Are you somehow implying the Dolphin Encrypt withstands critical
>>>examination? Be real.
>Real? "Anonymous" here reveals that he has not been keeping up
>with the literature. DE was examined critically by Prof. Cipher
>Deavours in the October 1993 issue of Cryptologia, who (after studying
>the C source code for the encryption algorithm) wrote: "The diffusion
>process employed in the ciphering of data is fairly complex for an
>inexpensive system such as this one."
1. The description of the cipher used for Dolphin Encrypt is not
published. It is available only by special arrangement. It is not
open to casual inspection.
2. Complexity is no criterion at all for ascertaining the security of
a cipher. Complexity is not even necessary; for example, a stream
cipher based upon one of the number-theoretic PRNGs is quite strong and
simple to describe.
One of the very most basic errors of making ciphers is simply to add
layer upon layer of obfuscation and make a cipher which is nice and
"complex". Read Knuth on making random number generators for the
folly in this kind of approach.
Designing secure ciphers requires some theory as why you expect the
cipher to be secure. "Adding complexity" is false security of the
worst kind.
I've not seen the DE cipher. I won't sign a non-disclosure agreement
in order to do so. I have seen an outline of the cipher, and it
smacks of the "many layers of complexity" model.
The author of DE:
>>The
>>encryption algorithm used in Dolphin Encrypt is defined by the C source
>>code for the encryption and decryption functions,
"Defined by the source code." In a better world, I would need say no
more after pointing out this phrase.
Peter Davidson:
>Perhaps the
>source code is not posted on sites such as soda because the publisher
>does not wish to expose himself to the the charge of making a strong
>crypto system available for export.
I asked the author of DE why it wasn't available. He's worried that
he'll lose a valuable trade secret. He greatly overestimates the
value of such secrecy, believing it to be positive instead of
negative.
>and is ignorant
>of the cryptographic competence of the author (or authors) of DE.
This I am not ignorant of. The author of DE knows only the very most
basic of statistical tests. He goes on and on about the posterior
statistics of the ciphertext without even once examing the conditional
statistics of the ciphertext relative to the plaintext. These
conditional probabilities are an absolute necessity to examine. The
author of DE does not even mention them, much less mentioning advanced
techniques like differential cryptanalysis.
>Yet,
>rather than withholding judgment until more information is available,
Ciphers are insecure until proven secure.
Ciphers carry the presumption of guilt, not innocence. Ciphers
designed by amateurs invariably fail under scrutiny by experts. This
sociological fact (well borne out) is where the presumption of
insecurity arises. This is not ignorance, to assume that this will
change. The burden of proof is on the claimer of security, not upon
the codebreaker.
Until a cipher has undergone testing by differential cryptanalysis, it
should be considered insecure. Until a cipher has undergone testing
by linear cryptanalysis, it should be considered insecure. Etc.
The person who says "If you can't break it, it must be secure"--well,
I don't feel very polite today--that person has their head up their
ass.
>Eric seems to have a burr up his ass regarding either DE or its
>author(s).
Yes, I do. The rhetoric the DE promulgates is toxic.
>His misrepresentation (e.g. that the DE cipher is not
>public)
It is not public. Being available does not make it public.
>and lack of logic (e.g. we don't know that X is true therefore
>X is false)
The lack here is the lack of understanding that we have an
epistemelogical question, not a question of fact. It may be that DE
is secure, but I sincerely doubt it. Nevertheless, it should not be
considered that DE is secure until we know that it is secure.
>Apparently as regards DE Eric is not capable of
>anything except smear tactics.
Now this, _this_ is an insult. Peter Davidson doesn't understand the
process of vetting a cipher, and so claims that I must be on a smear
campaign. He doesn't understand the difference between public and
available-under-contract, i.e. private, and so accuses me of having an
unfounded argument.
Rather than simply discussing the matter, Peter Davidson chooses to
insult me.
One word: projection.
>The astute readers of this list are
>not likely to be fooled by this.
Flattery of the audience. How, er, quaint.
Eric
Return to April 1994
Return to “wet!naga (Peter Davidson)”