[Dshield] Virtual Matrix Encryption Hoax?

John Hardin johnh at aproposretail.com
Tue Mar 26 21:29:39 GMT 2002

On Tue, 2002-03-26 at 07:40, Jay Wren wrote:

> > From: John Hardin [mailto:johnh at aproposretail.com]
> > Any cryptosystem that relies on the secrecy of the
> > algorithm has a severe weakness.
> WHAT?  What else is there in a security system than the algorithm?

Sorry. I was a bit brief in my post. There are two general aspects to a
crypto system: the algorithm and the keying materials. A good
cryptosystem should not rely on the secrecy of the algorithm for
security (viz CSS), only the secrecy of the keying material.

> Policy.
> I respectfully disagree with your statement and argue that there are many
> fine algorithms out there that will keep things plenty secure. 

There are. None of them rely on the secrecy of their encryption
algorithm. A good cryptosystem has the algorithm widely reviewed for an
extended period of time by cryptography researchers. Consider the
approval process that DES and AES went through.

> I propose
> that any cryptosystem that is implemented with poor policy has a severe
> weakness.

I'll grant that policy (deciding what to encrypt, with which key, and
managing the secrecy of keys) is important, too, and that mismanagement
of keying materials can render the best cryptosystem useless.

Please note: I am in no way a cryptography professional. I'm a dilettante
who regularly reads Crypto-Gram... :) 

John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
 "They [media giants] have no idea how to do business with resourceful
  human beings rather than passive vegetables. So they run to [the]
  government for protection."
                    -- Doc Searls on the SSSCA, in Linux Journal
 50 days until Star Wars episode II: Attack of the Clones
