Wireless Office

Fernando Duran liberosec-FFYn/CNdgSA at public.gmane.org
Wed Dec 31 19:37:16 UTC 2008


--- Mike Kallies <mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:

> Fernando Duran wrote:
> ...
> > That's incorrect; precisely the beauty of asymmetric
> > (public-key) cryptography is that users can
> > communicate securely over a public channel.
> >
> > Several cryptographic methods have been proven to be
> > mathematically secure. A different issue of course
> > are...
>
> Now that would be *BIG* news.
>
> Just to split hairs, public key algorithms have never
> actually been *mathematically* proven.

I think I know what you mean; to elaborate: the
encryption methods are as strong as the underlying
algorithm; *if* the math for the algorithm is
considered strong and secure (like factoring two large
primes) then the encryption can be proven to be
secure.

Actually, with unlimited CPU power and time a
public-key encryption is breakable in theory. So when
somebody says that some cryptographic scheme is
"secure" they would have to say under which
computation power/time limit, and it's also implied
that "no breakthrough factoring/whatever math method
is discovered".

The basic idea I wanted to convey for any
cryptographic luddite is that cryptography is
"considered secure" (secure in practice / for relevant
cases) and when there's a security breach it's almost
always because of some other entry point.

I'm saying "almost always" to be cautious, but in fact
I've never heard, for example, of a real remote server
that was compromised purely by cracking a current
cryptographic algorithm; if somebody knows of a case
I'd love to have a link. Most of the security problems
in servers come from 1) weak passwords and 2)
unpatched old software.

I agree on the rest of your message too.


Regards,

Fernando


> There's still a chance that some bizarre mathematical
> theory will appear which can cause the very principle
> of public key encryption to crumble.
>
> The whole thing hinges on an idea that some problems
> require more computational power to solve than others.
> E.g., multiplying two primes together is easier than it
> is to factor the product of two primes.
>
> The proof thing is academic though.  The sentiment is
> totally right.  The best minds in the world have staked
> their reputation on testing, investigating and
> researching ways to break these things and while
> particular methods might have had vulnerabilities which
> changed the amount of computation required, none have
> reported success in shaking the underlying principle.
>
>
> "As for other popular public key cryptosystems, no
> mathematical proof of difficulty has been published for
> ECC as of 2006[update]. However, the U.S. National
> Security Agency has endorsed ECC technology by including
> it in its Suite B set of recommended algorithms and
> allows their use for protecting information classified
> up to top secret with 384-bit keys.[4] Although the RSA
> patent has expired, there are patents in force covering
> some aspects of ECC."
>
> http://en.wikipedia.org/wiki/Elliptic_curve_cryptography
>
> (...with the bizarre exception of quantum computing
> http://en.wikipedia.org/wiki/Shor%27s_algorithm )
>
> Does anyone have any better sources?
> 
> 
> -Mike


---------------------
Fernando Duran
http://www.fduran.com


--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
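The thread's point that public-key security is a statement about computational cost (multiplying two primes is cheap; factoring their product is expensive, and "unbreakable" only holds under a stated power/time bound) can be made concrete with a toy. The following is an added example, not code from the thread or from either poster: textbook RSA (no padding) with deliberately tiny primes, plus an "attacker" that recovers the private exponent purely by factoring the public modulus with trial division. The prime choices, the 65537 public exponent and the trial-division attacker are this example's assumptions; real RSA moduli are 2048 bits or more precisely so that the `factor_trial_division` step below is infeasible.

```python
"""Toy RSA broken by factoring, to illustrate that "secure" means
"infeasible within a computational bound", not "mathematically impossible".
Added example; primes are tiny on purpose (NOT a real key size)."""
from math import gcd, isqrt


def keygen(p, q, e=65537):
    """Textbook RSA keygen from two primes. Returns ((n, e), d)."""
    n = p * q                      # one multiplication: cheap in any size
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)            # modular inverse (Python >= 3.8)
    return (n, e), d


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(n, d, c):
    return pow(c, d, n)


def factor_trial_division(n):
    """Attacker's side: recover p, q from n by trying every odd divisor up
    to sqrt(n). Returns (p, q, work) where work counts the divisions tried,
    i.e. the cost the attacker paid. For n with two ~1024-bit factors this
    loop would need roughly 2**1023 iterations: the "computational bound"."""
    if n % 2 == 0:
        return 2, n // 2, 1
    work = 1
    f = 3
    limit = isqrt(n)
    while f <= limit:
        work += 1
        if n % f == 0:
            return f, n // f, work
        f += 2
    raise ValueError("no nontrivial factor found; n is prime or 1")


def recover_private_key(pub):
    """Given ONLY the public key (n, e), factor n and rebuild d."""
    n, e = pub
    p, q, work = factor_trial_division(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi), work


def demo(p, q, m):
    """Make a key, encrypt m, then break it from the public half alone."""
    pub, d = keygen(p, q)
    c = encrypt(pub, m)
    d_recovered, work = recover_private_key(pub)
    return {
        "n_bits": pub[0].bit_length(),
        "divisions_to_break_n": work,
        "d_matches": d_recovered == d,
        "plaintext_recovered": decrypt(pub[0], d_recovered, c) == m,
    }


if __name__ == "__main__":
    # Constructed toy primes; watch divisions_to_break_n grow with n_bits
    # while the key-generation side stays one multiplication.
    for p, q in [(61, 53), (1009, 1013), (104729, 104723)]:
        print(demo(p, q, 42))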




