On Sat, 5 Mar 1994, Eli Brandt wrote:
My point is, invulnerability to *what attack*? An attacker may know the algorithm, or not; may have known plaintext; may be able to choose plaintext; may be able to read a channel, or to garble it, or to change it; may have limited or unlimited space and time; might be able to factor in polynomial time -- there are a lot of parameters here. And it makes no sense at all to say, "Well, let's just consider the strongest possible attack."
Eli
My original response was concerning an algorithm "good enough to withstand an opponent who has full documentation of your algorithms and methods, lots of funds, and everything except your keys." That opponent may, conceivably, be the NSA or another person/organisation with access to similar resources. The consensus seems to point to such an opponent as being one who could mount the "strongest possible attack". It may not be practical to consider such a general danger when designing particular encryption schemes; but, it is likewise impractical to make sweeping generalizations concerning a given scheme's invulnerability.
Sergey