Re: Security of Secret Algorithm encruption

William L. Bahn wrote:

> "Andrew Swallow" <am.swallow@btopenworld.com> wrote in message
> news:dgh60k$i7b$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
>
>>John E. Hadstate wrote:
>>
>>
>>>"William L. Bahn" <william@toomuchspam.net> wrote in message
>>>news:-aGdnfWD9dFsVbbeRVn-3g@pcisys.net...
>>>
>>>
>>>>What I'm trying to get a feel for is how much harder
>>>>performing a
>>>>cryptanalysis is when the algorithms aren't known - or at
>>>>least
>>>>until they are known.
>>>
>>>
>>>Laying aside the technique of simply guessing a solution,
>>>the cryptanalyst must discover an algorithm that decrypts
>>>the ciphertext.
>>>
>>>I'm going to go out on a limb here and speculate that the
>>>minimum number of bits required to express this algorithm
>>>(which implicitly includes the "secret key") minus the
>>>amount of entropy in the "secret key" itself is the amount
>>>of entropy contributed by keeping the algorithm secret.
>>
>>The people making the code are probably beginners. All the
>>beginner's mistakes have known attacks. Simply go down the
>>list of attacks until one of them works.
>>
>
>
> In practice, I would certainly agree. But what if they didn't
> make all of the beginner's mistakes? Asked another way, perhaps,
> is how complicated does the "simplest" algorithm need to be while
> avoiding all of the "beginner's mistakes"?

Simplest with no mistakes = AES or 3DES.

The government does not pay extra for unnecessary complexity.

Andrew Swallow
Received on Thu Sep 29 21:55:16 2005