Re: to sig or not to sig?
From: pbs (pnews_at_lomarline.freeserve.co.uk)
Date: Sun, 05 Oct 2003 12:04:10 +1300
Alan Connor wrote:
> I was hoping for some intelligent feedback. If I wanted to experience the
> taunting of ill-mannered children, I would go to the nearest public
> school. Instead, I chose the Usenet and am surprised to discover that so
> many parents don't monitor their children's computer activities.
"Everything in common but language". I presume you mean state school.
Where I come from public schools are exclusive private schools and cost
their parents about $30,000 a year. That is not to say of course
that the manners of their children are any better than at a state
> Anyway, if there are any mature and mentally competent adults out there,
> it is my contention that it is very likely that the top levels of government,
> business, and the military have access to computers that make the best
> publicly available ones look like Gameboys.
> You just can't rely on encryption strategies that rely solely on choices
> made by software. There must be elements that only the human mind can
> Here's the system myself and a few friends use:
> If I want to communicate privately with someone, I run a little script
> that puts out a randomly ordered list of 77 2-digit numbers between 00 and
> 99. I get them a copy of it using any medium except the internet and except my
> own phone.
How do you know that they are random and not pseudorandom?
You are using a single-key cypher. And you have all the well known
problems of how to disseminate the key. If you have a secure channel for
exchanging keys, then why do you need cryptography, just send the
information that way? The whole point of PGP and other similar
public/private key pairs is that you can send the public key over the
same channels as the encrypted message without the danger of the
secret/private key being exposed.
[snip your coding ideas (we had better keep them secret)]
I think you should read a little about how the chaps at Bletchley Park
broke Enigma. I think you would be amazed at how ingenious they were
at breaking codes.
Here is a piece of text from the document which should accompany PGP
written in 1994 by the inventor of PGP, Philip Zimmermann:
: When I was in college in the early seventies, I devised what I
: believed was a brilliant encryption scheme. A simple pseudorandom
: number stream was added to the plaintext stream to create
: ciphertext. This would seemingly thwart any frequency analysis of
: the ciphertext, and would be uncrackable even to the most resourceful
: Government intelligence agencies. I felt so smug about my
: achievement. So cock-sure.
: Years later, I discovered this same scheme in several introductory
: cryptography texts and tutorial papers. How nice. Other
: cryptographers had thought of the same scheme. Unfortunately, the
: scheme was presented as a simple homework assignment on how to use
: elementary cryptanalytic techniques to trivially crack it. So much
: for my brilliant scheme.
: From this humbling experience I learned how easy it is to fall into a
: false sense of security when devising an encryption algorithm. Most
: people don't realize how fiendishly difficult it is to devise an
: encryption algorithm that can withstand a prolonged and determined
: attack by a resourceful opponent. Many mainstream software engineers
: have developed equally naive encryption schemes (often even the very
: same encryption scheme), and some of them have been incorporated into
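
The scheme in the Zimmermann passage quoted above (a pseudorandom number stream added to the plaintext), sketched as an added example that is not part of the original post or of PGP. The generator (a 16-bit linear congruential generator), its parameters, the seed and the message are all assumptions constructed for illustration; the quoted text does not say which generator was used. It shows why a guessed opening phrase is enough to recover the whole message.

```python
# Added illustration: additive stream cipher keyed by a small PRNG seed.
# Assumption: a 16-bit LCG; parameters below are constructed for the demo.
A, C, M = 25173, 13849, 1 << 16

def keystream(seed, n):
    """Return n keystream bytes: the high byte of each successive LCG state."""
    state, out = seed, []
    for _ in range(n):
        state = (A * state + C) % M
        out.append(state >> 8)
    return out

def encrypt(plaintext, seed):
    """Ciphertext byte = plaintext byte + keystream byte (mod 256)."""
    ks = keystream(seed, len(plaintext))
    return bytes((p + k) % 256 for p, k in zip(plaintext, ks))

def decrypt(ciphertext, seed):
    ks = keystream(seed, len(ciphertext))
    return bytes((c - k) % 256 for c, k in zip(ciphertext, ks))

def recover_seeds(ciphertext, crib):
    """Known-plaintext analysis: ciphertext minus a guessed opening phrase
    exposes keystream bytes; every seed that reproduces them is a candidate."""
    target = [(c - p) % 256 for c, p in zip(ciphertext, crib)]
    return [s for s in range(M) if keystream(s, len(target)) == target]

def candidate_plaintexts(ciphertext, crib):
    """Decrypt the full message under each seed consistent with the crib."""
    return [decrypt(ciphertext, s) for s in recover_seeds(ciphertext, crib)]

# Constructed sample data (not from the post).
SECRET_SEED = 0x3A7C
MESSAGE = b"Dear Bob, meet at the usual place at nine."
CRIB = b"Dear Bob"          # the analyst only guesses the greeting

if __name__ == "__main__":
    ct = encrypt(MESSAGE, SECRET_SEED)
    for pt in candidate_plaintexts(ct, CRIB):
        print(pt)
```

The frequency statistics of the ciphertext look flat, yet the secrecy rests entirely on the generator's internal state, which a few known bytes pin down.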