[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: [email protected]*Subject*: Cryptography of a sort - redux*From*: Dale Thorn <[email protected]>*Date*: Sun, 15 Sep 1996 18:30:39 -0700*Sender*: [email protected]

If anyone remembers my original postings from a couple weeks ago (my first-ever on The Net), I described a method to "shuffle" bits in a text-stream, using simple random-number generators, to insure that the text cannot be descrambled by brute-force methods. It has occurred to me only after this time that there was significant misinterpretation of what I proposed. I do not change any bits of text, I merely reposition them, therefore there is no applicability of standard analysis techniques (XOR masking, whatever) to the decoding process. The result file contains the same number of zero and one bits as it started with, through any number of encryption layers. The only way to recover the original text is to reposition the shuffled bits correctly, which requires brute-force guessing of the pseudo-random-number output. This guess is very simple for the first encoding layer, but compounds exponentially in subsequent encodings, so that after half a dozen or a dozen passes, where the executable program(s) is called from scratch for each pass, the shuffling rapidly approaches true randomness, and cannot be decrypted in practice except through the exact mirror-image reversal of the encryption passes. An example: How long would it take for you to guess the number (between 0 and 32000) I'm thinking of, if you could guess 16 billion numbers per second? Would it be .000001 second, on average? If you had to guess the ten different numbers I'm thinking of, and get all ten correct sequentially, it should take an essentially infinite amount of time, yes? And remember, since computer bits have such low differentiation (ones and zeros), looking for "patterns" and so forth just doesn't apply in this type of encryption. As to the Public Key part of the argument, once there is general understanding on the above points at large, it might then be worthwhile to discuss the advantages and disadvantages of how to make/distribute Private keys, etc. One gentleman on this forum made an argument recently, something to the effect that it wouldn't be worthwhile for Hacker X to try to break into datastream Y, assuming datastream Y is encoded with such-and-such a key, that datastream Y is sufficiently unimportant, and motive for such a breakin would not be great enough to justify the expected effort. To such arguments, all I can say is, this is the computer age, and enough mundane transactions can add up to something significant, or, one could lower the expected-effort ratio, you get the picture.

**Follow-Ups**:**Re: Cryptography of a sort - redux***From:*Mike McNally <[email protected]>

- Prev by Date:
**Pipeline Up** - Next by Date:
**Re: Workers Paradise. /Political rant.** - Prev by thread:
**Pipeline Up** - Next by thread:
**Re: Cryptography of a sort - redux** - Index(es):