Cryptography


Cryptography is the practice and study of hiding information. In modern times cryptography is considered a branch of both mathematics and computer science and is affiliated closely with information theory, computer security and engineering.

Sourced

  • This method, seemingly very clever, actually played into our hands! And so it often happens that an apparently ingenious idea is in fact a weakness which the scientific cryptographer seizes on for his solution.
  • Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break.
  • The multiple human needs and desires that demand privacy among two or more people in the midst of social life must inevitably lead to cryptology wherever men thrive and wherever they write.
  • "The magic words are squeamish ossifrage"
    • Plaintext of the message encoded in RSA-129, given in Martin Gardner's 1977 "Mathematical Games" column about RSA.
  • Feistel and Coppersmith rule. Sixteen rounds and one hell of an avalanche.
    • Quoted by Stephan Eisvogel in de.comp.security
  • For the computer security community, the moral is obvious: if you are designing a system whose functions include providing evidence, it had better be able to withstand hostile review.
  • When a cryptanalyst starts out trying to analyze a new algorithm, his first thought is probably: "Yikes. What a mess. I'll never make sense of this". So there are all sorts of tricks to help you start to probe into the convoluted innards of the cipher. One of these is to attack a weakened version. Later, he may be able to extend the attack to the full strength version; or, if this cannot be done, the reason why it can't at least gives some insight into the strengths and weaknesses of the cipher.
  • There is also a side benefit: the difference in strength made by even really subtle changes warns us just how tricky crypto can be...
    • R. Fleming in message <-0703971850220001@mg4-48.its.utas.edu.au> of sci.crypt
  • Due to the suspicious nature of crypto users I have a feeling DES will be with us forever, we will just keep adding keys and cycles...
    • Colin Dooley, in message <34C5021A.ABD@medit3d.com> of sci.crypt
  • The NSA response was, "Well, that was interesting, but there aren't any ciphers like that."
    • Gustavus J. Simmons, "The History of Subliminal Channels", in IEEE Journal on Selected Areas in Communication, pages 452-462, v. 16, n. 4, 1998.
  • The real work in an attack, at least an attack against a well-designed cipher, is modifying the attack technique so that it works. Knudsen's papers are an excellent example of this; he is a master at making an attack work where others have failed. Differentials work where characteristics don't. Truncated differentials work where normal differentials don't. Even this year's exciting find, impossible differentials, are simply another way at looking at a differential attack. A cryptanalyst with a "menu" would have never found any of those attacks, and would have broken far fewer ciphers.
    • , in message <35f52432.869733@news.visi.com> of sci.crypt.
  • The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
    • The first edition of The Road Ahead, , page 265.
  • The point of academic attacks is not exhibiting practical breaks; the point is that only a trained cryptographer can tell whether a given algorithm is secure or not. The author of an algorithm says: "My cipher is secure, and trust me, I am an expert at this. And to prove that I am a real good expert, I challenge other experts to find even the most impractical, academic flaw in my cipher".
  • Just like glue. Commercial ads state that the foobar glue can stick an elephant to the ceiling. Who needs to stick an elephant to the ceiling? But if it can do that, people will trust its sticking strength.
    • Thomas Pornin, in message <8rf05j$2np9$1@nef.ens.fr> of sci.crypt
  • We didn't do this with just a pencil and some paper. Lots of our notes are in pen. We didn't need to erase much.
    • Tim Hollebeek and John Viega, on breaking defective crypto in Netscape's mail password saver; quoted in RISKS Digest Vol. 20 Issue 68.
  • If you think cryptography is the answer to your problem, then you don't know what your problem is.
    • Peter G. Neumann, quoted in the New York Times, February 20 2001.

Unsourced

  • Linear improvements in compute power can't stand up to exponential improvements in difficulty.
    • Anonymous
  • When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
    • Anonymous
  • The law does not allow me to testify on any aspect of the National Security Agency, even to the Senate Intelligence Committee.
    • Lt. General Lew Allen Jr., Director of the NSA. (Probably from The Puzzle Palace by James Bamford.)
  • The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and they have to start all over.
    • Andrew Carol
  • Am I being overly harsh or do others think that the multi-thousand bit key is about sowing fear, uncertainty, and doubt for commercial gain? DES? Not big enough! Triple DES? Not big enough! IDEA? Not big enough! What you need is Dr. Phineas P. Snakeoil's mystery elixir! Filled with matrices and Galois fields to improve the digestion of dyspeptic managers everywhere! Step right up and get a whole case full! Don't ask what's inside ladies and gentlemen! It's a patent medicine that is only available here.
    • Stephen M. Gardner
  • The NSA regularly lies to people who ask it for advice on export control. They have no reason not to; accomplishing their goal by any legal means is fine by them. Lying by government employees is legal.
  • In cyberspace everyone will be anonymous for 15 minutes.
    • Graham Greenleaf
  • Cryptography, at least in its public embodiment, is finally, slowly, and painfully becoming a science. Part of that evolution is the dawning of an understanding of exactly what cryptographic guarantees mean, and how delicate they can be. I think it's safe to say that not a single cryptographic claim made in any paper published before, oh, 1985 or so (perhaps even as late as 1990) could be fully justified today. (Of course, the better work was usually almost correct, but the theoretical underpinning was simply not there to even state the claims in a way that could be properly formalized.)
    • Jerry Leichter
  • BTW, I learned a lovely new acronym today: "Law Enforcement Agency Key" -- LEAK.
    • Charles H. Lindsey
  • The notion that an anonymous posting needs to be traceable to its source is a product of the unification of the old time conservative desire to squelch free speech with the new fangled politically correct liberal desire to squelch free speech.
    • Perry E. Metzger
  • The right to speak PGP is the right to speak Navajo.
  • So we must see that the balance we strike when we destroy all control over encryption is rather more complicated than the policemen let on when they talk about the crimes they would not have prevented without wiretapping. It is also about the crimes we will prevent when people may speak freely, everywhere, all the time. The good that will come from that is hard to overestimate.
  • How long before we Americans are reduced to doing crypto with a deck of cards? (See Bruce Schneier's Solitaire).
    • Mordy Ovits
  • Note to amateur cryptographers: simple analysis is a good thing, if it doesn't weaken the cipher. ... It's better to be able to prove that an attack won't work than to have to guess that it won't because it's too much work.
    • Colin Plumb
  • The wire protocol guys don't worry about security because that's really a network protocol problem. The network protocol guys don't worry about it because, really, it's an application problem. The application guys don't worry about it because, after all, they can just use the IP address and trust the network.
  • There is a parallel between designing electronic commerce infrastructure today that uses weak cryptography (i.e. 40 or 56 bit keys) and, say, designing air traffic control systems in the '60s using two digit year fields. ... Just because you can retire before it all blows up doesn't make it any less irresponsible.
    • Arnold G. Reinhold
  • In the design of cryptosystems, we must design something now for use in the future. We have only the published facts of the past to stand against all the secret research of the past and future for as long as a cipher is used. It is therefore necessary to speculate on future capabilities. It is not acceptable to wait for a published attack before a weakness is considered in cipher design. It is instead necessary to try to perceive weaknesses which have not yet contributed to full attacks, and close them off.
    • Terry Ritter
  • Key escrow to rule them all; key escrow to find them.
    Key escrow to bring them all and in the darkness bind them.
    In the land of surveillance where Big Brother lies.
    • Peter Gutmann
  • Mary had a little key (It's all she could export),
    and all the email that she sent was opened at the Fort.
    • Ron Rivest
  • Mary had a little key - she kept it in escrow,
    and every thing that Mary said, the feds were sure to know.
    • Sam Simpson
  • Crypto is not mathematics, but crypto can be highly mathematical, crypto can use mathematics, but good crypto can be done without a great reliance on complex mathematics.
    • W T Shaw
  • Child pornography -- I never heard of it as a problem five years ago, but now it's brought up constantly. I think it's the new Red-baiting. The people in Burma don't understand how it is that we are focusing our whole crypto policy on catching child pornographers. If you think that cryptography is good for society you have to apologize and say that you are against child pornography... The fact that I even have to say that is an indication of how effective this Red-baiting is... I think that we can't let our civil liberties for the society at large be determined by government policy towards a tiny segment of the criminal population.
  • I should be able to whisper something in your ear, even if your ear is 1000 miles away, and the government disagrees with that. [GQ magazine in England] quoted me on that -- they changed one letter. It said I should be able to whisper something in your car, even though I am 1000 miles away. I wonder what the people in England think of me.
  • With PCs 1,000 times more powerful than they used to be, our encryption keys can and should be 1,000 times bigger too. That means cryptokeys of at least 56,000 bits.
    • Seen on developer.com

See also