Talk:Cryptanalysis: Difference between revisions
Was the Vig considered unbreakable?
The article claims that the Vig was considered to be unbreakable. I have no doubts that it was publicly so considered, but I'm not at all sure that attacks against it weren't known to the inner circles, long before they were published.
There is no evidence that Babbage independently invented the Kasiski technique. His notes simply show him using it in a matter-of-fact way. As they show him using Kerckhoff's method, as well. Did he invent both, independently, and never publish? Or were they known before him? We have no evidence, either way.
But, in my mind, the very fact that Vigenere was exploring running key and auto-key ciphers - which seem specifically designed to defend against these attacks - suggests that he wasn't all that confident in the security of the bare Vig. And then there's the fact that nobody with any cryptological expertise actually used it. So was it really thought to be secure?
There was another attack against the Vig that often worked - the probable word method. There's a description of how to use it against the Gronsfeld in William Blair's article "Cipher", in Abraham Rees' "Cyclopedia", published in 1807. The attack would have worked against the Vig, for some keys. Perhaps it was this attack that Vigenere had been trying to defend against, and that convinced the cryptographers of the 16th-19th centuries not to use the Vig.
Truth is, there's no evidence, simply supposition. But I'm far from confident that the statement that the Vig was considered unbreakable is true. Certainly it was considered unbreakable by people who were unaware of the methods that could be used against it. Who was aware of these attacks? Anybody who knew anything, post Kasiski and Kerckhoff. Babbage and the circle with whom he did crypto - Beaufort and some of the folks from the Royal Society. Did anyone know prior to Babbage? We don't know. But Babbage never claimed to be the first. And one attack, at least, predates Babbage.
So, I'm not sure that the level of certainty implied in the article is justified.
--jdege (talk) 18:22, 8 August 2009 (UTC)
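The Kasiski technique mentioned in the post, as an added illustration that is not part of the original discussion: repeated trigrams in a Vigenère ciphertext are located and their spacings factored to recover the key length, which is the step that reduces the Vig to a set of simple shift ciphers. The dispatch text, the key CRYPT and the function names are constructed for this example.

```python
from collections import defaultdict

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def vigenere_encrypt(plaintext, key):
    """Classical Vigenère: letter i is shifted by key[i mod len(key)]; non-letters are dropped."""
    letters = [c for c in plaintext.upper() if c in ALPHA]
    return "".join(ALPHA[(ALPHA.index(p) + ALPHA.index(key[i % len(key)])) % 26]
                   for i, p in enumerate(letters))

def kasiski_distances(ciphertext, n=3):
    """Distances between consecutive occurrences of every repeated n-gram.
    A repeated plaintext fragment encrypts to identical ciphertext only when the
    two copies lie a multiple of the key length apart, so those distances carry
    the period; repeats at other spacings are scrambled by the key."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return [b - a for pos in positions.values() for a, b in zip(pos, pos[1:])]

def period_candidates(distances, max_period=20):
    """Rank candidate key lengths by how many repeat distances each divides.
    The true period divides every genuine distance, while chance n-gram
    collisions add a little noise. Ties go to the larger period, so a text whose
    repeats are all a multiple of a longer span reports that span; the analyst
    confirms the choice by frequency analysis of each column."""
    scores = {p: sum(1 for d in distances if d % p == 0) for p in range(2, max_period + 1)}
    return sorted(scores.items(), key=lambda kv: (-kv[1], -kv[0]))

def best_period(ciphertext):
    return period_candidates(kasiski_distances(ciphertext))[0][0]

# Constructed dispatch: "THE ENEMY" and "ATTACK AT DAWN" recur at spacings of
# 25, 30 and 55 letters (gcd 5). "THEN" also contains THE, but 8 letters after
# a key-aligned copy, so that repeat does not survive into the ciphertext.
PLAINTEXT = ("THE ENEMY WILL ATTACK AT DAWN SHOULD THE ENEMY THEN ATTACK AT DAWN "
             "WE HOLD THE BRIDGE UNTIL NIGHTFALL SO THE ENEMY RETREATS")
KEY = "CRYPT"   # constructed key; the analyst knows neither it nor its length
CIPHERTEXT = vigenere_encrypt(PLAINTEXT, KEY)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(period_candidates(kasiski_distances(CIPHERTEXT))[:5])
    print("likely key length:", best_period(CIPHERTEXT))
```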
Revision as of 00:16, 9 August 2009
Article needs work
This article seems a bit incoherent. What's this "two-key" stuff? You mean public key / asymmetric cryptography, or what? And "one-key" means what? Symmetric cryptography?
Also, chosen ciphertext and chosen plaintext attacks are different for symmetric crypto. For symmetric crypto, attacks are: ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext (in order of increasing strength.) For asymmetric, the three main attacks are: known-plaintext, chosen-ciphertext and adaptive chosen-ciphertext.
This page needs to be rewritten by someone who knows what they are talking about (I know enough to know this page is awful, but I'll leave fixing it to those more knowledgeable than I...) -- SJK
What to do about cryptanalysis assumptions?
There's some short stub-esque pages on the various types of cryptanalysis attacks: known-plaintext attack, chosen plaintext attack, ciphertext-only attack, chosen ciphertext attack, adaptive chosen ciphertext attack. They are all quite short and similar, and it's unlikely they'll ever expand into longer articles. Some options:
- Keep the short pages. If this was the case, you'd want to add things like "adaptive chosen plaintext attack" and "related-key attack" and (believe it or not) "related-cipher attack".
- Merge them all into a Scenarios for cryptanalysis article.
- Merge them all into cryptanalysis.
I'd favour doing 2., seeing how long the article is, and then deciding whether to do 3.
Matt 02:59, 13 Mar 2004 (UTC)
Matt, I think keeping (and adding to) the stubesque pages makes some sense, when combined with 2. The problem is that no _real_ sense of the operation of cryptanalytic technique can be anything less than detailed -- probably far too detailed for a WP article, even a technical one. But any attempt to do so, which I would nevertheless encourage (it might be possible for one or another technique), should be kept quarantined. More or less the way the mathematics or physics people have done in some cases.
Nevertheless, an overview of cryptanalysis (how to think about it, how to consider choosing an attack technique, what information is needed to decide, ...) would be useful. Both to the somewhat curious reader (more ambitious than the average) and to the serious reader. It's hard to keep the abstraction levels straight when thinking about crypto generally and about cryptanalysis in particular, so whatever illumination is possible would be well, even for the serious reader.
Comments?
ww 16:09, 15 Mar 2004 (UTC)
- The modern treatment of this stuff is in terms of the random oracle model. There should definitely be an article explaining terms like IND-CPA and IND-CCA security (CPA=chosen plaintext attack, CCA=chosen ciphertext attack, etc). But it shouldn't be in the main cryptanalysis article. I've been wanting for a while to write something on those topics but I'm too busy right now. Rogaway and Bellare have an excellent downloadable textbook that I'll try to add a link to. Phr 08:41, 16 February 2006 (UTC)
Presumably this is the text-book http://www.cs.ucsd.edu/~mihir/cse207/classnotes.html --AWZ (talk) 19:16, 3 February 2008 (UTC)
Shannon link
Can somebody check the link on "Shannon Information" (the Shannon part)? It used to point to a disambiguation page. I've changed it to what I think is the right person, but I'm not completely sure... Ealex292 02:12, 10 Apr 2005 (UTC)
- I've never heard the term "Shannon Information" before, but from context it just means the cryptanalyst has gained information that lowers the effective Shannon entropy of the (unknown) plaintext. For example, suppose you have a ciphertext and you know that the plaintext was written in either English or French, but you don't know which, and you consider both equally likely. If you have a statistical method that doesn't yield any plaintext, but can determine from the ciphertext that the plaintext is 65% likely to be English, that would be an information deduction attack. In general, perfect security means that for a given ciphertext, all plaintexts are equally likely. Any algorithm that discloses that some plaintexts are more likely than others is an attack. Phr 08:38, 16 February 2006 (UTC)
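An added worked example of the criterion stated in this reply, not part of the original discussion: the analyst's beliefs about the plaintext are updated with Bayes' rule once the ciphertext is seen, and the drop in Shannon entropy measures what leaked. A one-time pad leaves the prior untouched; a single-shift Caesar cipher rules candidates out. The three candidate messages, their prior weights and the function names are constructed for the example.

```python
import math

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def caesar_encrypt(m, k):
    """Shift cipher: every letter moved by the same key k in 0..25."""
    return "".join(ALPHA[(ALPHA.index(c) + k) % 26] for c in m)

def caesar_key_count(m, c):
    """Number of Caesar keys with E_k(m) == c: 1 if c is a uniform shift of m, else 0."""
    if len(m) != len(c):
        return 0
    shifts = {(ALPHA.index(y) - ALPHA.index(x)) % 26 for x, y in zip(m, c)}
    return 1 if len(shifts) == 1 else 0

def otp_key_count(m, c):
    """One-time pad over the same alphabet (an independent shift per letter):
    exactly one key maps m to c whenever the lengths match."""
    return 1 if len(m) == len(c) else 0

# (key-counting function, size of the key space for messages of length n)
CAESAR = (caesar_key_count, lambda n: 26)
OTP = (otp_key_count, lambda n: 26 ** n)

def posterior(cipher, prior, c):
    """Bayes: P(m | c) is proportional to P(m) * Pr_k[E_k(m) == c] for a uniform key k."""
    count, keyspace = cipher
    weights = {m: p * count(m, c) / keyspace(len(c)) for m, p in prior.items()}
    total = sum(weights.values())
    return {m: w / total for m, w in weights.items()}

def entropy_bits(dist):
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def bits_leaked(cipher, prior, c):
    """Drop in Shannon entropy of the plaintext once c is known; 0 means perfect secrecy."""
    return entropy_bits(prior) - entropy_bits(posterior(cipher, prior, c))

# Constructed scenario: the analyst knows the plaintext is one of three
# five-letter messages (the third is ROT13 of the first) with these prior beliefs.
PRIOR = {"HELLO": 0.5, "SALUT": 0.3, "URYYB": 0.2}
CIPHERTEXT = caesar_encrypt("HELLO", 3)   # "KHOOR"

if __name__ == "__main__":
    for name, cipher in (("caesar", CAESAR), ("otp", OTP)):
        print(name, posterior(cipher, PRIOR, CIPHERTEXT),
              "bits leaked:", round(bits_leaked(cipher, PRIOR, CIPHERTEXT), 3))
```

Under the Caesar cipher the posterior puts 5/7 on HELLO, 0 on SALUT and 2/7 on URYYB (the two candidates that are shifts of each other stay ambiguous), about 0.62 bits of leakage; under the one-time pad the posterior equals the prior exactly.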
History of cryptanalysis
I see that a large chunk of the article was just removed. For what reason? — DAGwyn 19:01, 6 April 2007 (UTC)
animal behavioral cryptanalysis
I removed a tag pointing to other species signs and signals. This is so wide a divergence in the sense of cryptanalysis as to be out of context entirely. Linguistically embedded metaphor being not entirely rational, I'd further observe that this meaning of the term is entirely unknown to me. ww 11:13, 26 May 2007 (UTC)
- Thanks. You don't actually have to justify the reversion in the Talk page; Wikipedia editors constantly revert "random" additions that make no sense (in addition to obvious instances of vandalism). Usually just a brief reason in the "Edit summary" box will suffice. — DAGwyn 05:45, 27 May 2007 (UTC)
- Actually, I realize that, but I've never bothered to figure out how to add an edit summary to a 'rollback' action. Usually I don't bother, as I did in this case, to explain further, but there is/was an actual point to the tag, just more than a little off any sensible target. Thus... ww 10:50, 27 May 2007 (UTC)
Characterisation of attacks (deduction vs induction)
I hope I'm not being too picky, but I question the use of the word "deduce" in the context of cryptanalysis. It is my experience this is primarily an inductive process based on guesses and experimentation. There can be very little information at the beginning of an attack; certainly not enough to solve the system in the way deduction demands. The analyst usually looks for possible known algorithms or mathematically simple methods, which is really more of an inductive process. I'd like to see the wording changed so this is more clearly reflected. I'm not going to change it myself, because I don't feel it is my place. I just wanted to throw this out to the wp community. —The preceding unsigned comment was added by Mbset (talk • contribs).
- There are elements of both induction and deduction involved, also plain guesswork (confirmed by results). — DAGwyn 16:20, 21 August 2007 (UTC)
- "Deduce" is correct. One has to distinguish between finding an attack against a cryptosystem (i.e., developing an algorithm) and performing the attack (i.e. running the algorithm). While finding the algorithm might be an inductive process, running it is not. The article talks about what the result of the attack is (e.g. key, plaintext etc.). Hence the article is describing what the output of running an algorithm is. 169.231.5.121 07:42, 22 August 2007 (UTC)
- If we were to accept that strange model of cryptanalysis, then the "deductive" part would be of little interest anyway. — DAGwyn (talk) 17:37, 14 March 2008 (UTC)
Legal issues
- Bizarrely, the article fails to address the legal aspects of what is essentially codebreaking or cracking the code, which assumingly is illegal (whereas Cryptography#Legal issues involving cryptography has such section). I suppose there have been some international conventions prohibiting this. Back in the Soviet time, the students at the KGB Higher School trained in this, were referred to only as mathematicians, i understand exactly for legal reasons. Muscovite99 (talk) 23:08, 3 January 2009 (UTC)
- There is no legal standpoint on codebreaking in the UK, and as far as I'm aware there isn't one in the USA either. Legal protection only applies to the data that was encrypted. Obviously if it was government classified or covered by the official/trade secrets acts the unauthorized decryption of such data would be illegal. In most cases it's what you do with the data you get that is covered by law. It is not illegal to break the encryption of an SSL connection, but it is illegal to use someone's bank account details to fraudulently obtain money. However, breaking encryption at work would probably be considered a fireable offence and you wouldn't stand a chance if you tried to take them to court over illegal dismissal. It also may be considered a breach of your ISP's terms and conditions if you try to break encryption of data sent over the internet. 86.14.89.251 (talk) 19:39, 6 January 2009 (UTC)
- Far from being bizarre, when there is nothing useful to say it is best to say nothing. In particular we need to be careful not to offer legal advice, since we are not licensed to do so. — DAGwyn (talk) 15:43, 11 January 2009 (UTC)