If however Dolphin Encrypt was extremely strong ...
Date: Sat, 16 Apr 94 21:26:24 -0700 From: hughes@ah.com (Eric Hughes) Message-Id: <9404170426.AA28904@ah.com> To: cypherpunks@toad.com In-Reply-To: Anonymous's message of Fri, 15 Apr 1994 12:53:16 -0400 <Added.shfgNum00UdZ0OvU4M@andrew.cmu.edu> Subject: Dolphin Encryption Tutorial Precedence: bulk Status: R
Eric Hughes quotes "Anonymous":
Are you somehow implying the Dolphin Encrypt withstands critical examination? Be real.
Real? "Anonymous" here reveals that he has not been keeping up with the literature. DE was examined critically by Prof. Cipher Deavours in the October 1993 issue of Cryptologia, who (after studying the C source code for the encryption algorithm) wrote: "The diffusion process employed in the ciphering of data is fairly complex for an inexpensive system such as this one." Eric then allows as how:
Last time Dolphin Encrypt reared its insecure head in this forum, these same issues came up. The cipher that DE uses is not public and was not designed by a person of known cryptographicc competence. It should therefore be considered extremely weak.
However, in Peter Meyer's article we read:
The encryption algorithm used in Dolphin Encrypt is defined by the C source code for the encryption and decryption functions, and this source code is part of a publicly available C function library (the Dolphin Encryption Library). The method is not secret and its full details are available for examination to anyone who purchases the library.
Perhaps the DE cipher is not "public" in the sense that it is widely available on unix sites, but it is "publicly available". Perhaps the source code is not posted on sites such as soda because the publisher does not wish to expose himself to the the charge of making a strong crypto system available for export. Eric again quotes "Anonymous":
The comparison, fairly useless as it is, is even more useless without this further information.
Agreed.
For all we know Eric himself posted that "anonymous" message, so he could quote him out of context. As I recall, Anonymous seemed to have (deliberately?) misunderstood the part about the statistical test (and Eric agrees with him).
I repeat my recommendation of before: Do not use Dolphin Encrypt if you want secrecy. If you want something on the scale of a secret decoder ring, fine.
Eric
By his own admission Eric is ignorant of the DE cipher and is ignorant of the cryptographic competence of the author (or authors) of DE. Yet, rather than withholding judgment until more information is available, he makes a strong negative recommendation (and adds an insult). I would imagine that, in the opinion of most people, recommendations based upon ignorance such as this are worthless. Eric seems to have a burr up his ass regarding either DE or its author(s). His misrepresentation (e.g. that the DE cipher is not public) and lack of logic (e.g. we don't know that X is true therefore X is false) suggest that there is an emotional basis to his "recommendation". Apparently as regards DE Eric is not capable of anything except smear tactics. The astute readers of this list are not likely to be fooled by this.
I repeat my advice: Don't use Dolphin Encrypt if you want secrecy. If you want something that will provide short term security against unsophisticated opponents, it's probably fine. For why I think this, read on.
Are you somehow implying the Dolphin Encrypt withstands critical examination? Be real.
Real? "Anonymous" here reveals that he has not been keeping up with the literature. DE was examined critically by Prof. Cipher Deavours in the October 1993 issue of Cryptologia, who (after studying the C source code for the encryption algorithm) wrote: "The diffusion process employed in the ciphering of data is fairly complex for an inexpensive system such as this one."
1. The description of the cipher used for Dolphin Encrypt is not published. It is available only by special arrangement. It is not open to casual inspection. 2. Complexity is no criterion at all for ascertaining the security of a cipher. Complexity is not even necessary; for example, a stream cipher based upon one of the number-theoretic PRNGs is quite strong and simple to describe. One of the very most basic errors of making ciphers is simply to add layer upon layer of obfuscation and make a cipher which is nice and "complex". Read Knuth on making random number generators for the folly in this kind of approach. Designing secure ciphers requires some theory as why you expect the cipher to be secure. "Adding complexity" is false security of the worst kind. I've not seen the DE cipher. I won't sign a non-disclosure agreement in order to do so. I have seen an outline of the cipher, and it smacks of the "many layers of complexity" model. The author of DE:
The encryption algorithm used in Dolphin Encrypt is defined by the C source code for the encryption and decryption functions,
"Defined by the source code." In a better world, I would need say no more after pointing out this phrase. Peter Davidson:
Perhaps the source code is not posted on sites such as soda because the publisher does not wish to expose himself to the the charge of making a strong crypto system available for export.
I asked the author of DE why it wasn't available. He's worried that he'll lose a valuable trade secret. He greatly overestimates the value of such secrecy, believing it to be positive instead of negative.
and is ignorant of the cryptographic competence of the author (or authors) of DE.
This I am not ignorant of. The author of DE knows only the very most basic of statistical tests. He goes on and on about the posterior statistics of the ciphertext without even once examing the conditional statistics of the ciphertext relative to the plaintext. These conditional probabilities are an absolute necessity to examine. The author of DE does not even mention them, much less mentioning advanced techniques like differential cryptanalysis.
Yet, rather than withholding judgment until more information is available,
Ciphers are insecure until proven secure. Ciphers carry the presumption of guilt, not innocence. Ciphers designed by amateurs invariably fail under scrutiny by experts. This sociological fact (well borne out) is where the presumption of insecurity arises. This is not ignorance, to assume that this will change. The burden of proof is on the claimer of security, not upon the codebreaker. Until a cipher has undergone testing by differential cryptanalysis, it should be considered insecure. Until a cipher has undergone testing by linear cryptanalysis, it should be considered insecure. Etc. The person who says "If you can't break it, it must be secure"--well, I don't feel very polite today--that person has their head up their ass.
Eric seems to have a burr up his ass regarding either DE or its author(s).
Yes, I do. The rhetoric the DE promulgates is toxic.
His misrepresentation (e.g. that the DE cipher is not public)
It is not public. Being available does not make it public.
and lack of logic (e.g. we don't know that X is true therefore X is false)
The lack here is the lack of understanding that we have an epistemelogical question, not a question of fact. It may be that DE is secure, but I sincerely doubt it. Nevertheless, it should not be considered that DE is secure until we know that it is secure.
Apparently as regards DE Eric is not capable of anything except smear tactics.
Now this, _this_ is an insult. Peter Davidson doesn't understand the process of vetting a cipher, and so claims that I must be on a smear campaign. He doesn't understand the difference between public and available-under-contract, i.e. private, and so accuses me of having an unfounded argument. Rather than simply discussing the matter, Peter Davidson chooses to insult me. One word: projection.
The astute readers of this list are not likely to be fooled by this.
Flattery of the audience. How, er, quaint. Eric
participants (2)
-
hughes@ah.com -
wet!naga