1996-03-10 - Cryptanalysis

Header Data

From: tcmay@got.net (Timothy C. May)
To: Alan Olsen <cypherpunks@toad.com
Message Hash: 8a50a62eeee1852f7e326a603f05ec02ee0afc6cd1cdb7d6b9b8784edfe35bf6
Message ID: <ad5b7b8a07021004455b@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1996-03-10 06:01:16 UTC
Raw Date: Sun, 10 Mar 1996 14:01:16 +0800

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 14:01:16 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Cryptanalysis
Message-ID: <ad5b7b8a07021004455b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:32 PM 2/29/96, Alan Olsen wrote:

>Here is the problem...  I am looking for texts on the breaking
>of cyphers.  (I want to show him WHY the cypher is insecure and
>not just say "<scottish accent>It's crap!</Scottish accent>".)
>I have done a couple of searches and have come up fairly dry.

There are several places to look:

* The Aegean Park Press line of books on military cryptanalysis, mostly the
books by Friedman and his associates. Computer Literacy (on the Web)
carries most of them. (Also mentioned in various crypto FAQs, as I recall.)

However, these books are based on work done in WWII and the following
decade(s), so the stuff is pretty dated. Still, nearly any "snake oil
crypto" system, such as it sounds like your friend is building, will likely
be far weaker than the ciphers the NSA was attacking back in the early
days.

(I just noticed that Bill Frantz made the same comments about the Friedman
books. By the way, our own John Gilmore was instrumental in getting one of
the last ones out into print; as I recall, he found one of them in a public
library, and thus Aegean Park Press was able to republish it without the
NSA stopping them.)

* Several textbooks have good chapters on cryptanalysis, often buried in
the "problems" section. I think Denning's book has a good chapter on the
methods.

* The journal "Cryptologia" is largely devoted to amateur cryptanalysis.

>The Cyphernomicon has a couple of paragraphs, but nothing on
>techniques or pointers to other references.  RSA's FAQ has
>little to nothing as well. A web search turned up little
>useful. Most of the other references I have found have been for
>current cyphers, but next to nothing about breaking them.

There are very good reasons to say little about "conventional
cryptanalysis": it just doesn't matter much with modern ciphers, such as
public key systems. Modern ciphers don't fall to conventional attacks based
on word frequency, pattern analysis, etc.

Your friend is on a hopeless task. If he doesn't understand just how
hopeless it is to develop a homegrown, conventional cipher then he's
certainly not likely to take the time to become a skilled amateur
cryptanalyst.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








