-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> Faramir wrote:
>> Ok, let me say something on my behalf: in my experience, when
>> something doesn't work as well as expected, and people say "well...
>> let's do it 2 times, that should work", usually that leads to
>> something that works, but it is not as good as it could be...
>
> False premise. DES works every bit as well as we expect. Even today,
> the best attack against DES is brute force.

I was not intending to say 3DES suffers from that problem. In fact, I don't have any experience with 3DES, and just about 5 months using gpg. Also, I have said many times I am talking about a "dislike" not based on a rational reason (sorry if I am being redundant there). So probably it is a mistake to try to explain in a logical way something that is, by definition, not based on logic. But since maybe I caused a wrong impression, I will try to clarify my point of view a bit... the rational one.

>> Well... that resumes what I would expect from something designed to
>> be applied once, and "fixed" by applying it 3 times...
>
> This is historical provincialism.

When people are lazy and don't want to spend time and energy to make a proper solution for a problem, and just take what they have and adapt it in a sloppy way, they usually get solutions that are bulky, unaesthetic, and with a lot of disadvantages... a bit like you described the performance of 3DES. But these solutions need to be good enough to be able to be considered "solutions". For that reason, I have a biased feeling about solutions that seem to be done that way. I don't have a knowledge deep enough on 3DES (on any encryption algorithm, I lack the maths skill needed for that) to be able to judge it, and I don't intend to judge it. But when I saw an article about 3DES, and I understood (or _misunderstood_) it was just to apply DES 3 times, that aroused the same _feeling_ that I feel when I see a sloppy job. But it was just a feeling, not a rational condemnation of that algorithm, or of the people who developed it. I _DON'T_ think the developers of 3DES are (or were, I don't even know if they are still alive) lazy, or any other adjective... these adjectives are for the people responsible for the sloppy jobs I have seen, and all those jobs were about masonry (I talk about building or fixing a house, not about the Society with the same name), electric installations, and that sort of manual work.

So I always knew my experience was not applicable to software, and if I failed trying to point that out, I admit my fault. I also knew 3DES is good enough to be the default and must-have algorithm in OpenPGP, so despite any disadvantage it may have, it can't be a bad algo, or it would have been deprecated, or at least, there would be advice about avoiding its use if possible.

>> The thing I dislike about "let's do it 3 times" is it was not
>> designed to be used that way...
>
> "The thing I dislike about the relativistic study of the electron shells
> in a gold atom is that relativity was not designed to be used that way.
> It's about large systems!"

It is one thing to discover a new way to apply something, because that thing has many possible applications, and another, very different thing to apply something a lot of times to solve a problem, instead of looking for a better solution. I will give an example: Once I saw a shelf attached to the wall by no less than 24 screws. When the shelf was removed, the wall looked like it had been attacked with a screw-shooting machine gun. Sure, the shelf was firmly attached to the wall, but it would have been better to use bigger screws, or maybe to add "legs" to it to support its weight. Or maybe some other solution. But it is not the same as discovering that a painkiller can also reduce the risk of heart strokes.

> If you make a groundbreaking advance in any field, that advance will in
> turn open the door to new advances which will build on your original
> idea. DES made us consider group theory; we then discovered "hey, you
> can chain them together!"; now we do it. Where's the problem?

>> I get the impression 3DES is a "patched" DES.
>
> It's not a patched DES. Not in the sense that you're thinking of it.

I don't know if the article I read was not clear enough about that point, or if I failed to notice it. If 3DES is the application of a theory that was not considered before, then it is not what I thought it was.
If 3DES is built using DES, as a wall is made using bricks, I don't have anything against that.

> Blowfish had a sign extension error in its first printing.

Software usually has errors, or bugs, and it is ok to fix them. The problem comes when the hole that needs to be patched is a triangle, and the patch is a square, and you need to use a hammer to make it fit inside the hole... I will make another comparison... let's suppose I build a house, and after a while, I notice the door is not strong enough for my safety requirements. I can replace it with a stronger door. Or I can get another weak door, and nail it to the original door, to increase its strength, even if now it doesn't follow the wall line, and also, since all those nails made it a lot heavier, now I need to lift the door a bit to be able to open or close it.

> GnuPG itself is built one patch at a time.

Yes, but I figure these patches are carefully designed to solve the problems without causing new ones. And if a bug is introduced, there are efforts to remove it ASAP.

Best Regards

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users