[cross-posted to tahoe-dev@allmydata.org and cryptography@metzdowd.com] Disclosure: Cleversafe is to some degree a competitor of my Tahoe- LAFS project. On the other hand, I tend to feel positive towards them because they open-source much of their work. Our "Related Projects" page has included a link to cleversafe for years now, I briefly collaborated with some of them on a paper about erasure coding last year, and I even spoke briefly with them about the idea of becoming an employee of their company this year. I am tempted to ignore this idea that they are pushing about encryption being overrated, because they are wrong and it is embarassing. But I've decided not to ignore it, because people who publicly spread this kind of misinformation need to be publicly contradicted, lest they confuse others. Cleversafe has posted a series of blog entries entitled "3 Reasons Why Encryption is Overrated". http://dev.cleversafe.org/weblog/?p=63 # 3 Reasons Why Encryption is Overrated http://dev.cleversafe.org/weblog/?p=95 # Response Part 1: Future Processing Power http://dev.cleversafe.org/weblog/?p=111 # Response Part 2: Complexities of Key Management http://dev.cleversafe.org/weblog/?p=178 # Response Part 3: Disclosure Laws It begins like this: """ When it comes to storage and security, discussions traditionally center on encryption. The reason encryption b or the use of a complex algorithm to encode information b is accepted as a best practice rests on the premise that while itbs possible to crack encrypted information, most malicious hackers donbt have access to the amount of computer processing power they would need to decrypt information. But not so fast. Letbs take a look at three reasons why encryption is overrated. """ Ugh. The first claim -- the today's encryption is vulnerable to tomorrow's processing power -- is a common goof, which is easy to make by conflating historical failures of cryptosystems due to having too small of a crypto value with failures due to weak algorithms. Examples of the former are DES, which failed because its 56-bit key was small enough to fall to brute force, and the bizarre "40-bit security" policies of the U.S. Federal Government in the 90's. An example of the latter is SHA1, whose hash output size is *not* small enough to brute-force, but which is insecure because, as it turns out, the SHA1 algorithm allows the generation of colliding inputs much quicker than a brute force search would. Oh boy, I see that in the discussion following the article "Future Processing Power", the author writes: """ I donbt think symmetric ciphers such as AES-256 are under any threat of being at risk to brute force attacks any time this century. """ What? Then why is he spreading this Fear, Uncertainty, and Doubt? Oh and then it gets *really* interesting: it turns out that cleversafe uses AES-256 in an All-or-Nothing Transform as part of their "Information Dispersal" algorithm. Okay, I would like to understand better the cryptographic effects of that (and in particular, whether this means that the cleversafe architecture is just as susceptible to AES-256 failing as an encryption scheme such as is used in the Tahoe-LAFS architecture). But, it is time for me to stop reading about cryptography and get ready to go to work. :-) Regards Zooko --- Tahoe, the Least-Authority Filesystem -- http://allmydata.org store your data: $10/month -- http://allmydata.com/?tracking=zsig I am available for work -- http://zooko.com/rC)sumC).html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE