
Will all codes and ciphers be broken?



Duncan Frissell and Dave Emery have commented on the popular notion
that all codes and ciphers will "eventually" be broken. 

Dave Emery wrote:

> 	Casually looking at the history of the past 100 years or so of
> cryptanalysis, particularly what has recently been revealed
> about US/British triumphs in World War II, shows a number of startling
> successes against what were thought (and even now seem to ordinary
> minds) to be intractable ciphers.  It is not very hard to see why
> popular mythology, which usually lags the cutting edge of science by at
> least several years and even sometimes several decades, emphasizes
> decryption. After all, decryption seems to have been winning the last
> time we were allowed to have a look.

On the other hand, Bamford pointed out in 1982 (in "The Puzzle
Palace") that no significant Soviet cipher had been broken _directly_
for at least a decade, as near as he and other experts could tell
(there are clearly uncertainties in what the NSA was able to do, but
this was Bamford's best estimate).

Ditto for the Soviets not having broken U.S. ciphers in at least as
long a time.

What code and cipher breaking had occurred had generally happened
through HUMINT sources, as with the Walker spy ring (which sold old
code books, allowing earlier traffic to be reconstructed). Black bag
jobs, bugging of buildings, etc. And I have no idea what crypto
material Aldrich Ames transferred.

> 	It will take a while before appreciation of the fundamental
> revolution represented by number theory based ciphers sinks in.  Even
> the simple understanding that there exist unbreakable ciphers right now
> that anyone with a floppy disk drive can implement is too advanced to
> sink in very far. 

I agree. Even Tom Clancy mythologizes crypto and usually gets it wrong.

...
> as someone who follows this technology).   All the current triumphs have
> been based on exploiting holes (mostly involving cloning) in the
> key distribution and management in an environment where your enemy
> both necessarily has the complete cipher device and several copies
> of known to work keys.  

Exactly.

In fact, at the last physical Cypherpunks meeting I arrived a few
minutes late, in the midst of a debate about whether noise sources
from audio inputs were "random enough" to defy cryptanalysis by the
NSA.

After listening for a while I had to speak up: In the history of
modern cryptanalysis is there _any_ evidence that a single message has
been broken because of something like this?

I speculated that any slight reductions of entropy, thus allowing
slight increases in the ability to predict the bits, are dwarfed by
many orders of magnitude by more practical concerns. For example, the
proliferation of keystroke capture utilities which capture and store
all keystrokes entered for later retrieval.

(I acknowledge the importance of high entropy noise sources; I just
question the nit-picking about it when so much more tractable
attacks exist.)

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
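The "slight reductions of entropy" argument above can be put in numbers. The following is an added example, not part of Tim May's post: it estimates the bias of a bit source from a sample, converts that bias into min-entropy, and compares the search-space saving a cryptanalyst gains from the bias with the saving from a keystroke logger that captures the key outright. The sample bits are constructed with a known bias; the function names and the 128-bit key length are assumptions for illustration.

```python
import math
import random


def min_entropy_per_bit(p_one: float) -> float:
    """Min-entropy (in bits) of one output bit from a source that emits 1 with
    probability p_one and 0 otherwise. Unbiased (0.5) gives exactly 1 bit."""
    p_max = max(p_one, 1.0 - p_one)
    return -math.log2(p_max)


def effective_key_bits(key_bits: int, p_one: float) -> float:
    """Min-entropy of a key built from key_bits independent draws of the biased source."""
    return key_bits * min_entropy_per_bit(p_one)


def bias_advantage_log2(key_bits: int, p_one: float) -> float:
    """log2 of the search-space reduction an attacker gets by knowing the bias:
    brute force over 2^key_bits shrinks to roughly 2^(effective_key_bits)."""
    return key_bits - effective_key_bits(key_bits, p_one)


def keylogger_advantage_log2(key_bits: int) -> float:
    """A captured key leaves nothing to search: the whole key_bits are lost."""
    return float(key_bits)


def estimate_p_one(bits: list) -> float:
    """Estimate the bias of a source from a sample of its output bits."""
    return sum(bits) / len(bits)


def constructed_sample(n: int, p_one: float, seed: int = 7) -> list:
    """Constructed sample for the demo: n bits with a deliberate bias toward 1
    (a stand-in for an imperfect audio-noise source; not real measured data)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    key_bits = 128
    sample = constructed_sample(10_000, 0.55)
    p_est = estimate_p_one(sample)
    print(f"estimated bias p(1) = {p_est:.3f}")
    print(f"effective key strength: {effective_key_bits(key_bits, p_est):.1f} of {key_bits} bits")
    print(f"bias saves the attacker about 2^{bias_advantage_log2(key_bits, p_est):.1f} work")
    print(f"a keystroke logger saves the attacker 2^{keylogger_advantage_log2(key_bits):.0f} work")
```

A 55/45 bias costs a 128-bit key roughly 18 bits of strength, which is real but still leaves about 2^110 work, whereas a captured key leaves none; that is the "orders of magnitude" gap the post refers to.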