Re: IPG Algorithm Broken!
At 4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
At 12:33 PM 11/23/1996, Eric Murray wrote:
Your point could have been that the same problem exists for proofs: that next week someone could come up with a way to prove, for all time, that an algorithm really IS unbreakable. So, to cover that possibility I should have said "it's currently impossible to prove an algorithm unbreakable". :-)
Or, more accurately, nobody credible has seen such a proof. But, a clever person might invent one.
I thought Shannon proved one-time-pads to be unbreakable using information theory.

-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on  | Periwinkle -- Consulting
(408)356-8506     | those who can't do math. | 16345 Englewood Ave.
frantz@netcom.com | - Who 1st said this?     | Los Gatos, CA 95032, USA
On Sat, 23 Nov 1996, Bill Frantz wrote:
I should have said "it's currently impossible to prove an algorithm unbreakable". :-)
Or, more accurately, nobody credible has seen such a proof. But, a clever person might invent one.
I thought Shannon proved one-time-pads to be unbreakable using information theory.
Shannon did, but Paul Bradley and friends(sic) proved that he/they could brute force OTPs, it's on the record, so I guess Shannon was wrong, n'est-ce pas? Someone as certain of his facts as PB cannot possibly be wrong, or did he say he was asleep - I guess so, he is obviously always asleep. I also can prove that our algorithm cannot be broken. All you have to do is to examine the algorithm and you will understand why it is unbreakable. That is a lot of chutzpah, but once you understand the algorithm and how simple it is to prove its unbreakability, then you will understand that our claim is absolutely correct. Unfortunately, many of you would rather beat your fingers on the keyboard about the abstract than find out the truth for yourself. It is really very simple.

Again, I repeat, if you would like a free copy, please send an e-mail request to: ipsales@cyberstation.net

As for the algorithm, it is at: netprivacy.com

With kindest regards,
Don Wood
On Sat, 23 Nov 1996, Bill Frantz wrote:
At 4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
At 12:33 PM 11/23/1996, Eric Murray wrote:
Your point could have been that the same problem exists for proofs: that next week someone could come up with a way to prove, for all time, that an algorithm really IS unbreakable. So, to cover that possibility I should have said "it's currently impossible to prove an algorithm unbreakable". :-)
Or, more accurately, nobody credible has seen such a proof. But, a clever person might invent one.
I thought Shannon proved one-time-pads to be unbreakable using information theory.
Different ball game. OTP isn't "unbreakable". OTPs are secure because no matter what key you use, it _will_ decrypt, so your plaintext is still hidden simply because it could decrypt to whatever the person trying to decrypt it wants it to. It's not that it's unbreakable, it's that it's breakable in _so many ways_.

--Deviant
PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Do, or do not; there is no try.
-- Yoda
On Sun, 24 Nov 1996, The Deviant wrote:
At 4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
At 12:33 PM 11/23/1996, Eric Murray wrote:
Your point could have been that the same problem exists for proofs: that next week someone could come up with a way to prove, for all time, that an algorithm really IS unbreakable. So, to cover that possibility I should have said "it's currently impossible to prove an algorithm unbreakable". :-)
Or, more accurately, nobody credible has seen such a proof. But, a clever person might invent one.
I thought Shannon proved one-time-pads to be unbreakable using information theory.
Different ball game. OTP isn't "unbreakable". OTPs are secure because no matter what key you use, it _will_ decrypt, so your plaintext is still hidden simply because it could decrypt to whatever the person trying to decrypt it wants it to. It's not that it's unbreakable, it's that it's breakable in _so many ways_.
More nonsense - unbreakable means that you cannot determine what the plaintext is. Shannon proved that you cannot prove what the plaintext is for OTPs, or for the system we have developed either. The fact that it could possibly be any plain text simply is another way of saying that it is unbreakable, they are one and the same thing. Like so many you are talking in circles and do not know what you are talking about or you would not waste your time on such nonsense - Paul Bradley even knows how to brute force OTPs, so you must be wrong there too.

With kindest regards,
Don Wood
Don Wood <wichita@cyberstation.net> writes:
Different ball game. OTP isn't "unbreakable". OTPs are secure because no matter what key you use, it _will_ decrypt, so your plaintext is still hidden simply because it could decrypt to whatever the person trying to decrypt it wants it to. It's not that it's unbreakable, it's that it's breakable in _so many ways_.
More nonsense - unbreakable means that you cannot determine what the plaintext is. Shannon proved that you cannot prove what the plaintext is for OTPs, or for the system we have developed either. The fact that it could possibly be any plain text simply is another way of saying that it is unbreakable, they are one and the same thing. Like so many you are talking in circles and do not know what you are talking about or you would not waste your time on such nonsense - Paul Bradley even knows how to brute force OTPs, so you must be wrong there too.
That's precisely right - (almost all) cypherpunks have no idea what they're talking about. They use "kewl" words without understanding what they mean. The recent discussion of whether the (allegedly gay) droid Data used PGP or "fractal encryption" in some scifi movie is a good example. Some of these bullies, like Paul Bradley, realize that they don't know the meanings of the words they use. Paul Bradley not only posts nonsense about brute force attacks on OTP, but also harasses anyone who exposes his utter ignorance, in an effort to intimidate them into shutting up. "Cypherpunks'" opinion of any proposed new cryptosystem is worthless and irrelevant.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 02:41:28 -0600 (CST)
cc: Bill Frantz <frantz@netcom.com>, John Anonymous MacDonald <nobody@cypherpunks.ca>, cypherpunks@toad.com

> Shannon proved that you cannot prove what the plaintext is for OTPs,

Let P, K, and C represent bit strings of equal length. Given a ciphertext C, for every plaintext P there exists a key K such that P XOR K = C. This is true (K = P XOR C).

> or for the system we have developed either.

False. Let P and C represent byte strings of equal (arbitrary) length and K represent the key string of fixed length. The IPG algorithm can be summarized as C = P XOR PRNG(K), where PRNG(K) is the output of the pseudo-random number generator with seed K. The details of the PRNG are unimportant for this argument.

For every ciphertext C longer than K, there exists a plaintext P such that no K will satisfy C = P XOR PRNG(K).

Proof: There are 256^length(K) possible keys (roughly 10^34322). There are therefore at most this many possible decryptions of the given plaintext. Since length(C) > length(K), there are more possible plaintexts than possible decryptions. Shannon's proof of the security of the OTP therefore doesn't apply to IPG's cipher.

Assume that the PRNG is resistant to analysis. Given the size of the keyspace, it is not feasible to search the whole keyspace hoping something like a plaintext pops out. However, it is easy to take a key obtained through some other means and verify that the plaintext makes sense. Since the PRNG is assumed resistant to analysis, this constitutes proof that the plaintext is correct (since it's infeasible to find a key that decrypts the ciphertext to another plausible plaintext).

Of course, all encryption algorithms short of the OTP allow an attacker to prove a key correct, but most cryptographers don't claim their algorithms to be as secure as OTPs.
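The counting argument in the message above, worked in Python as an added example (not code from this thread or from IPG): the OTP side uses K = P XOR C exactly as stated, while the stream-cipher side substitutes a constructed toy LCG for IPG's PRNG and a 12-bit seed so the whole keyspace can be enumerated; the messages and pad are constructed samples.

```python
# Added illustration of the OTP-vs-short-key counting argument (not code from the thread).
# The PRNG is a constructed toy LCG standing in for PRNG(K); KEY_BITS is tiny on purpose.

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def otp_key_for(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Shannon's point: for ANY claimed plaintext P there is a pad K = P XOR C."""
    assert len(ciphertext) == len(claimed_plaintext)
    return xor_bytes(ciphertext, claimed_plaintext)

KEY_BITS = 12  # constructed toy seed size; the point is only that it is fixed and small

def toy_prng(seed: int, n: int) -> bytes:
    """Constructed LCG keystream; as the message says, the PRNG details do not matter."""
    out, state = bytearray(), seed
    for _ in range(n):
        state = (1103515245 * state + 12345) & 0xFFFFFFFF
        out.append((state >> 16) & 0xFF)
    return bytes(out)

def stream_xor(data: bytes, seed: int) -> bytes:
    """C = P XOR PRNG(K); the same call decrypts because XOR is its own inverse."""
    return xor_bytes(data, toy_prng(seed, len(data)))

def reachable_plaintexts(ciphertext: bytes) -> set:
    """Every plaintext that SOME seed decrypts C to: at most 2**KEY_BITS of them,
    against 256**len(C) possible plaintexts once len(C) exceeds the key size."""
    return {stream_xor(ciphertext, seed) for seed in range(2 ** KEY_BITS)}

def seeds_decrypting_to(ciphertext: bytes, plaintext: bytes) -> list:
    """Seeds K with C = P XOR PRNG(K); empty for almost every P, unlike the OTP."""
    return [s for s in range(2 ** KEY_BITS) if stream_xor(ciphertext, s) == plaintext]

if __name__ == "__main__":
    msg, decoy = b"attack at dawn", b"defend at dusk"  # constructed sample messages
    pad = bytes(range(14))                             # constructed sample pad
    c_otp = xor_bytes(msg, pad)
    # OTP: the ciphertext is equally consistent with the decoy under a different pad.
    assert xor_bytes(c_otp, otp_key_for(c_otp, decoy)) == decoy
    c_stream = stream_xor(msg, 0x5A5)
    reach = reachable_plaintexts(c_stream)
    print(f"stream cipher: {len(reach)} reachable plaintexts of {256 ** len(msg)} possible")
    print("seeds giving the real message:", seeds_decrypting_to(c_stream, msg))
    print("seeds giving the decoy:       ", seeds_decrypting_to(c_stream, decoy))
```

With the toy key space exhausted, the decoy is reachable under no seed at all, which is exactly the "plaintext P such that no K will satisfy C = P XOR PRNG(K)" that the counting argument guarantees.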
Participants (5): Bryan Reece, dlv@bwalk.dm.com, frantz@netcom.com, The Deviant, wichita@cyberstation.net