Re: The symmetric ciphers

2013-10-31 Thread Leo Gaspard
> The reason why the cryptanalytic community looked into whether DES forms a > group is because the 56-bit keyspace was too short and we critically needed > a way to compose DES into a stronger algorithm. That's not the case with > AES. Disclaimer : I am not a mathematician, only a student in mat

Re: The symmetric ciphers

2013-10-31 Thread Robert J. Hansen
I am quite confident the majority of the people don't understand this, but they don't need to. Someone can prove whether AES / Twofish / ... / combinations of them is a group or not, and can then explain that combinations are safer / at least as safe / less safe. Yes. But please remember how thi

Re: The symmetric ciphers

2013-10-31 Thread Johan Wevers
On 31-10-2013 22:36, Robert J. Hansen wrote: > ... Or, in other words, your very first line assumes a level of > mathematical knowledge that the overwhelming majority of people lack: > namely, the abilities of understanding mathematical notion and TeX. I am quite confident the majority of the peo

Re: The symmetric ciphers

2013-10-31 Thread Robert J. Hansen
The advantage is, that if it should ever be possible to brute force the keyspace of one key No one will ever be able to brute-force a 128-bit key until such time as we have quantum computers with 256-bit ensembles running at 3.2 kelvins and powered by stars. Consequentially, I don't think

Re: The symmetric ciphers

2013-10-31 Thread Robert J. Hansen
Playing Captain Obvious: Excellent! Let's play more. - \forall {A,B \in G} --> A X B \in G: G is closed. What's this "\forall" and "\in"? I don't understand. Are those HTML entity codes that my email client isn't presenting properly? ... Or, in other words, your very first line assume

Re: The symmetric ciphers

2013-10-31 Thread Peter Lebbing
On 31/10/13 16:37, ved...@nym.hush.com wrote: > The advantage is, that if it should ever be possible to brute force the > keyspace of one key, then NONE of the possible elements of the keyspace > (including the *correct* key) will result in an identifiable *correct* > plaintext. It will only result

Re: The symmetric ciphers

2013-10-31 Thread vedaal
On Thursday, October 31, 2013 at 10:06 AM, "Johan Wevers" wrote: >However, encrypting a message with AES with key1 and then >encrypting it again with key2 (key1 unrelated to key2) can't make it less >secure >since any attacker can encrypt the intercepted encrypted message again >with littl

Re: The symmetric ciphers

2013-10-31 Thread Johan Wevers
On 31-10-2013 4:52, Robert J. Hansen wrote: >> That's because ROT(N) is a group. > > Yes, but good luck answering the inevitable next two questions: "what's > a group?" Playing Captain Obvious: G is a group for the operation X if: - \forall {A,B \in G} --> A X B \in G: G is closed. - \forall

Re: The symmetric ciphers

2013-10-31 Thread Mark H. Wood
On Wed, Oct 30, 2013 at 11:33:18PM +0100, Philipp Klaus Krause wrote: > Is there a known good way to combine multiple symmetric ciphers into > something that is at least as strong as the weakest of them? I sincerely doubt that there is, in the g

Re: The symmetric ciphers

2013-10-31 Thread Mark H. Wood
Having not read far enough down the thread, Mark H. Wood wishes to recall a completely redundant message: > Consider a composition of *three* ciphers: > > A := ROT13 > B := ROT10 > C := ROT3 -- Mark H. Wood, hasty poster mw...@iupui.edu Machines should not be friendly. Machines should

Re: The symmetric ciphers

2013-10-31 Thread Mark H. Wood
On Wed, Oct 30, 2013 at 06:19:27PM +0100, Philipp Klaus Krause wrote: > On 10.09.2013 15:30, Robert J. Hansen wrote: > > On 9/10/2013 6:35 AM, Philipp Klaus Krause wrote: > >> I wonder if it would be a good idea to have an option to combine > >

Re: The symmetric ciphers

2013-10-30 Thread Robert J. Hansen
On 10/30/2013 7:20 PM, Johan Wevers wrote: > That's because ROT(N) is a group. Yes, but good luck answering the inevitable next two questions: "what's a group?" and "how do we know if something's a group?" You very quickly run into some complicated higher-level maths, and that's something best av

Re: The symmetric ciphers

2013-10-30 Thread Johan Wevers
On 30-10-2013 18:39, Robert J. Hansen wrote: > If you first encrypt with ROT10 and then with ROT16, the final strength > is not the maximum of (ROT10, ROT16). You may think that's a silly > example, and I grant that it is, but it illuminates the point pretty > well and avoids a lot of difficult m

Re: The symmetric ciphers

2013-10-30 Thread Robert J. Hansen
> So, if I have ciphers A, B and C, and a way to combine them into one > symmetric cipher that is at least as strong as the strongest among > them, I could use this combined cipher for somewhat secure > communication as long as at least one of A, B, C is not broken, even > if I do not know which

Re: The symmetric ciphers

2013-10-30 Thread Robert J. Hansen
> Is there a known good way to combine multiple symmetric ciphers into > something that is at least as strong as the weakest of them? Not one that generalizes to all ciphers.

Re: The symmetric ciphers

2013-10-30 Thread Philipp Klaus Krause
On 30.10.2013 23:51, Bob (Robert) Cavanaugh wrote: > I guess I lost track of the initial purpose of this thread. Why do > you want this if you can only achieve the same cryptographic > strength as one of the ciphers? What problem are you solving? T

Re: The symmetric ciphers

2013-10-30 Thread Philipp Klaus Krause
On 30.10.2013 23:33, Philipp Klaus Krause wrote: > Is there a known good way to combine multiple symmetric ciphers > into something that is at least as strong as the weakest of them? > > Philipp > This should have been "... as the strongest of the

RE: The symmetric ciphers

2013-10-30 Thread Bob (Robert) Cavanaugh

Re: The symmetric ciphers

2013-10-30 Thread Philipp Klaus Krause
Is there a known good way to combine multiple symmetric ciphers into something that is at least as strong as the weakest of them? Philipp

Re: The symmetric ciphers

2013-10-30 Thread Werner Koch
On Wed, 30 Oct 2013 18:06, p...@spth.de said: > I wouldn't assume that: RSA is something taught in typical maths and > computer science curriculums at universities. Factorization is a > well-known problem. Using RSA in a safe way is not easy - it took more than 20 years until most cryptographers

Re: The symmetric ciphers

2013-10-30 Thread Werner Koch
On Wed, 30 Oct 2013 20:25, p...@spth.de said: > If we have plenty of randomness available, we could do this a Entropy (which should be at the core of every CRNG) is a scarce resource. Thus a one time pad is not going to work because you need true random at the same size of the message. > XOR th

Re: The symmetric ciphers

2013-10-30 Thread Robert J. Hansen
If we have plenty of randomness available, we could do this a different way: Dangerously naive. Meet-in-the-middle and/or miss-in-the-middle attacks could be devastating.

Re: The symmetric ciphers

2013-10-30 Thread Peter Lebbing
On 30/10/13 20:25, Philipp Klaus Krause wrote: > If we have plenty of randomness available, we could do this a different > way: XOR the message M with a random one-time pad P to obtain N. Encrypt P > with A, and N with B. Why are you inventing new crypto primitives? Symmetric crypto is already go

Re: The symmetric ciphers

2013-10-30 Thread Philipp Klaus Krause
On 10.09.2013 12:35, Philipp Klaus Krause wrote: > I wonder if it would be a good idea to have an option to combine > symmetric ciphers, e.g. users could state a preference list like > this: > > TWOFISH+AES256 3DES+BLOWFISH+AES AES 3DES > > The me

Re: The symmetric ciphers

2013-10-30 Thread Robert J. Hansen
Quoting Philipp Klaus Krause: But ROT10 and ROT16 fail the condition that breaking them should be substantially harder than applying them. Arguing that "but that's not a real example!" is a nonstarter. It wasn't presented as a real example. It was presented as a way to illuminate the pr

Re: The symmetric ciphers

2013-10-30 Thread Philipp Klaus Krause
On 30.10.2013 18:39, Robert J. Hansen wrote: >> Well, here's a (rough, and maybe naive) explanation of why I >> assumed that the effort is at least max(a, b): > > If you first encrypt with ROT10 and then with ROT16, the final > strength is not the m

Re: The symmetric ciphers

2013-10-30 Thread Philipp Klaus Krause
On 10.09.2013 13:45, Werner Koch wrote: > You would also need a second public keypair to protect the second > symmetric key. If you don't, the attacker would target the public > key scheme directly - ah well that is in any case the lower hanging >

Re: The symmetric ciphers

2013-10-30 Thread Robert J. Hansen
Well, here's a (rough, and maybe naive) explanation of why I assumed that the effort is at least max(a, b): If you first encrypt with ROT10 and then with ROT16, the final strength is not the maximum of (ROT10, ROT16). You may think that's a silly example, and I grant that it is, but it illu

Re: The symmetric ciphers

2013-10-30 Thread Philipp Klaus Krause
On 10.09.2013 15:30, Robert J. Hansen wrote: > On 9/10/2013 6:35 AM, Philipp Klaus Krause wrote: >> I wonder if it would be a good idea to have an option to combine >> symmetric ciphers, e.g. users could state a preference list >> like this: > > No

Re: The symmetric ciphers

2013-09-10 Thread Robert J. Hansen
On 09/10/2013 11:10 AM, Josef Schneider wrote: > Why? Assuming the Keys are not related (e.g. by creating random keys > and then encrypting them both with RSA) this is safer, assuming the > attacker can crack one of the two symmetric ciphers but not RSA. I repeat my earlier message: > If you lo

Re: The symmetric ciphers

2013-09-10 Thread Josef Schneider
On Tue, Sep 10, 2013 at 3:30 PM, Robert J. Hansen wrote: > > Assuming it takes effort a to break cipher A and effort b to break > > cipher b, this should result in effort at least max(a, b) needed to > > break A+B. > > Basically, though, it's "this is a naive and unfounded assumption." > Why? As

Re: The symmetric ciphers

2013-09-10 Thread Robert J. Hansen
On 9/10/2013 6:35 AM, Philipp Klaus Krause wrote: > I wonder if it would be a good idea to have an option to combine > symmetric ciphers, e.g. users could state a preference list like > this: No. This idea gets floated every few years and the answers never change. It's not a good idea. If you

Re: The symmetric ciphers

2013-09-10 Thread Werner Koch
On Tue, 10 Sep 2013 12:35, p...@spth.de said: > I wonder if it would be a good idea to have an option to combine > symmetric ciphers, e.g. users could state a preference list like this: Which requires more entropy for the two keys and thus creating an incentive to use a faster and more insecure RNG.

Re: The symmetric ciphers

2013-09-10 Thread Paul R. Ramer
Philipp Klaus Krause wrote: >I wonder if it would be a good idea to have an option to combine >symmetric ciphers, e.g. users could state a preference list like this: > >TWOFISH+AES256 3DES+BLOWFISH+AES AES 3DES > >The meaning of A+B would be to encrypt using A first, and then encrypt >the result u