Sujet : Re: What are the chances of this encrytion being broken?
De : rjh (at) *nospam* cpax.org.uk (Richard Heathfield)
Groupes : sci.cryptDate : 23. Mar 2025, 09:15:50
Autres entêtes
Organisation : Fix this later
Message-ID : <vrofvo$1ut0v$1@dont-email.me>
References : 1
User-Agent : Mozilla Thunderbird
On 23/03/2025 04:14,
hal@invalid.com wrote:
What are the chances that the encrypted text in this message could be
broken?
A good many years ago when sci.crypt was packed wall to wall with expert cryptanalysts, I asked pretty much the same question - not as a challenge (such challenges were frequent, and the experts wearied of explaining the flawed assumptions inherent in such challenges) but more as a playful puzzle. Ciphertext-only, that is.
Jim Gillogly is a leading cryptanalyst. If you don't know the name, you can find out more here: <
https://en.wikipedia.org/wiki/James_Gillogly>
He stopped posting here when the number of cypherpunks started to outweigh the experts, but back then he subscribed to sci.crypt, and he took up the gauntlet I had so gently laid down. It took him only an hour or two to post my plaintext.
No one knows what program made the file. It's 256 bit encryption.
Is someone of Jim's calibre cares enough (and there aren't many of them, but they're still out there) they'll have the plaintext out in fairly short order, but it's very unlikely that they'll post the answer here, because what will that be to them?
How would a encryption expert go about attempting to decrypt the
message?
He or she would start by determining what the ciphertext actually /is/. Are the newlines part of the text or not?
He wouldn't find out by asking you. He would look at the transmission sent to Bob (the recipient of the message, who can be expected to decrypt it and thus will be expecting a clean ciphertext format, such as five-groups, or a file attachment).
Then he would ask Intelligence to get him everything they had on Alice (the sender) and Bob. While they were doing that, he would be frequency-analysing the ciphertext and comparing it to the frequencies of all the languages that Alice and Bob hold in common. And then he'd tell them to acquire the program used to encrypt the message. (You say nobody knows, but Alice knows because she sent the message, and Alice can be brought in for questioning.)
Kerckhoffs's principle: one must assume that one's enemy has at their disposal the machine.
If the security of your cryptosystem relies on Eve (the enemy) never laying hands on the detail of your algorithm, then all your secrets are at the mercy of the first battle lost, the first crashed transport plane, the first captured ship, or the first traitor at your HQ.
Cryptanalysis starts with the algorithm, and the government will keep pointing guns at people until they get it.
Back in the day, when I presented my puzzle, I made it abundantly clear that I knew the rules and that I could draw no meaningful conclusions if sci.crypt couldn't be arsed to crack it. Jim G took my game in the spirit I intended, and even without the algorithm he cracked my ciphertext wide open. So security through obscurity is no security at all.
Finally, bear in mind that the Advanced Encryption Standard is openly published and widely available. Some of the finest cryptanalysts in the world have attacked AES, and according to Snowden the NSA are still going at it hammer and tongs. Experts don't think they'll succeed. "I do not believe that anyone will ever discover an attack that will allow someone to read Rijndael traffic." - Bruce Schneier, <
https://www.schneier.com/crypto-gram/archives/2000/1015.html>
Against that background, an unpublished algorithm doesn't have a snowball's chance in hell.
-- Richard HeathfieldEmail: rjh at cpax dot org dot uk"Usenet is a strange place" - dmr 29 July 1999Sig line 4 vacant - apply within
Re: What are the chances of this encrytion being broken?
Re: What are the chances of this encrytion being broken?
