liberosec-FFYn/CNdgSA at public.gmane.org
Wed Dec 31 19:37:16 UTC 2008
--- Mike Kallies <mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Fernando Duran wrote:
> > That's incorrect; precisely the beauty of
> > (public-key) cryptography is that users can
> > communicate securely over a public channel.
> > Several cryptographic methods have been proven to be
> > mathematically secure. A different issue of course
> Now that would be *BIG* news.
> Just to split hairs, public key algorithms have
> never actually been
> *mathematically* proven.
I think I know what you mean; to elaborate: the
encryption methods are as strong as the underlying
algorithm; *if* the math for the algorithm is
considered strong and secure (like factoring two large
primes) then the encryption can be proven to be
Actually, with unlimited CPU power and time a
public-key encryption scheme is breakable in theory. So when
somebody says that some cryptographic scheme is
"secure" they would have to say under which
computation power/time limit, and it's also implied
that "no breakthrough factoring/whatever math
method is discovered".
The basic idea I wanted to convey for any
cryptographic luddite is that cryptography is
"considered secure" (secure in practice / for relevant
cases) and when there's a security breach it's almost
always because of some other entry point.
I'm saying "almost always" to be cautious, but in fact
I've never heard, for example, of a real remote server
that was compromised purely by cracking a current
cryptographic algorithm; if somebody knows of a case
I'd love to have a link. Most of the security problems
in servers come from 1) weak passwords and 2)
unpatched old software.
I agree with the rest of your message too.
> There's still a chance that some bizarre
> mathematical theory will appear which can cause the
> very principle of public key encryption to crumble.
> The whole thing hinges on an idea that some problems
> require more
> computational power to solve than others. E.g.,
> multiplying two primes
> together is easier than it is to factor the product
> of two primes.
> The proof thing is academic though. The sentiment
> is totally right.
> The best minds in the world have staked their
> reputation on testing,
> investigating and researching ways to break these
> things and while
> particular methods might have had vulnerabilities
> which changed the
> amount of computation required, none have reported
> success in shaking
> the underlying principle.
> "As for other popular public key cryptosystems, no
> mathematical proof of
> difficulty has been published for ECC as of
> 2006[update]. However, the
> U.S. National Security Agency has endorsed ECC
> technology by including
> it in its Suite B set of recommended algorithms and
> allows their use for
> protecting information classified up to top secret
> with 384-bit keys.
> Although the RSA patent has expired, there are
> patents in force covering
> some aspects of ECC."
> (...with the bizarre exception of quantum computing
> http://en.wikipedia.org/wiki/Shor%27s_algorithm )
> Does anyone have any better sources?
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
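The thread's point that "secure" means secure against a stated compute budget, and that the whole scheme rests on multiplying two primes being cheap while factoring their product is expensive, can be made concrete with a toy RSA break. The following is an added example written for this archive page, not code from the thread or from any of its participants. It generates an RSA key from deliberately tiny primes (the key size is the only assumption that makes the attack finish), encrypts a message, and then recovers the private key from the public key alone by factoring n with Pollard's rho. The same code run against a realistic modulus would simply never return, which is exactly the "under which computation power/time limit" qualifier the message asks for.

```python
"""Toy RSA keygen plus a key-recovery attack by factoring a tiny modulus.

Added example (not from the original thread). The key sizes used here
are assumed to be far below anything deployed; that assumption is what
makes the break feasible. Nothing here is a weakness of RSA itself.
"""
import math
import random
import time


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test (sufficient for a toy)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Random prime with exactly `bits` bits (top and low bit forced to 1)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits, seed=None):
    """Textbook RSA: cheap direction is multiplying p and q to get n."""
    rng = random.Random(seed)
    p = random_prime(bits // 2, rng)
    q = random_prime(bits // 2, rng)
    while q == p:
        q = random_prime(bits // 2, rng)
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:
        e += 2
    d = pow(e, -1, phi)
    return (n, e), d


def pollard_rho(n):
    """Expensive direction: find a non-trivial factor of composite n.

    Cost grows roughly with the fourth root of n, so doubling the key
    size in bits squares the work; this is what a 'compute budget' buys.
    """
    if n % 2 == 0:
        return 2
    for c in range(1, 100):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found")


def recover_private_key(n, e):
    """Given only the public key, factor n and rebuild d."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(n, d, c):
    return pow(c, d, n)


def demo(bits=48, seed=1):
    """Break a `bits`-bit key; returns whether the recovered d decrypts."""
    pub, d = keygen(bits, seed)
    n, e = pub
    m = 42  # constructed plaintext
    c = encrypt(pub, m)
    t0 = time.perf_counter()
    d_rec = recover_private_key(n, e)
    elapsed = time.perf_counter() - t0
    return {"n_bits": n.bit_length(), "d_matches": d_rec == d,
            "decrypts": decrypt(n, d_rec, c) == m, "seconds": elapsed}


if __name__ == "__main__":
    for bits in (32, 48, 64):
        print(bits, demo(bits, seed=bits))
```

Running it with larger `bits` values makes the point visible in wall-clock time: the multiply in `keygen` stays instant while `pollard_rho` slows down sharply, and at real key sizes it does not finish at all. Shor's algorithm, mentioned in the quoted text, matters precisely because it would collapse that second cost on a quantum computer.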