Date: Fri, 25 Mar 2005 16:02:06 -0500 (EST)
From: devnull@...ents.Montreal.QC.CA
To: bugtraq@...urityfocus.com, cryptography@...zdowd.com
Subject: Re: Secure Science issues preview of their upcoming block cipher


[The From: header is a broken-autoresponder defense; use the address in
the signature if you want to write to me.]

[quoting order repaired manually -dM]
>> [...] CS2-128 cipher is a 128-bit block cipher with a 128 bit key.
>> This cipher is [...] provably just as secure as AES-128.
> Really?  How does one go about proving the security of a block
> cipher?

Proving it just as secure as another cipher is very different from
proving its security in any kind of absolute sense.

If I wanted to prove two ciphers to be of equivalent security ("just as
secure as"), I would try to find a way to use a break of either to
break the other (with sufficiently trivial transformation cost, of
course).  If I show that any break of CS2-128 can be trivially used to
break AES-128, then I have shown that CS2-128 is at least as secure
as AES-128; if I do the same in the other direction too, I have shown
that it is just as secure.

> My understanding is that you, and others, perform attacks against it,
> and see how it holds up.

That is how to probe its security in absolute terms; it cannot prove
anything in the mathematical sense that is apparently being used here.
(Well, okay, it _can_ prove that a cipher is *in*secure.)  "Provably
just as secure as" has little to nothing to do with the kind of
demonstration of security derived from withstanding skilled attacks.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@...ents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
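
The two-way reduction described in the message above, sketched as an added example (not part of the original post and unrelated to the actual design of CS2-128 or AES): two constructed toy ciphers, where B is A wrapped in public keyless maps, so a black-box break of either becomes a break of the other through a constant-cost oracle wrapper. All names, constants and the brute-force stand-in for a "break" are assumptions made for illustration.

```python
# Added illustration: both ciphers are constructed toys, not CS2-128 or AES.
MASK = 0xA5C3                      # public constant, part of B's definition
PROBES = [0x0000, 0x0001, 0x8000, 0x1234, 0xFFFF, 0x0F0F]

def rotl16(x, n):
    return ((x << n) | (x >> (16 - n))) & 0xFFFF

def enc_a(key, block):
    """Toy cipher A: 4-round Feistel, 16-bit block, 16-bit key."""
    left, right = block >> 8, block & 0xFF
    k_hi, k_lo = key >> 8, key & 0xFF
    for rk in (k_hi, k_lo, k_hi ^ 0x5A, k_lo ^ 0xC6):
        f = ((right ^ rk) * 0x9D + 0x3B) & 0xFF
        f ^= f >> 3
        left, right = right, left ^ f
    return (left << 8) | right

def enc_b(key, block):
    """Toy cipher B: A wrapped in public, keyless, invertible maps."""
    return rotl16(enc_a(key, block ^ MASK), 5)

def exhaustive_break(enc, oracle):
    """Stand-in 'break': chosen-plaintext key recovery against `enc`.
    Brute force is only feasible because the toy key is 16 bits."""
    target = [oracle(p) for p in PROBES]
    for key in range(1 << 16):
        if all(enc(key, p) == t for p, t in zip(PROBES, target)):
            return key
    return None

def break_a_via_b(oracle_a, break_b):
    """Reduction A -> B: answer each B-query with one A-query."""
    return break_b(lambda x: rotl16(oracle_a(x ^ MASK), 5))

def break_b_via_a(oracle_b, break_a):
    """Reduction B -> A: undo the public wrapper around each B-query."""
    return break_a(lambda x: rotl16(oracle_b(x ^ MASK), 11))

def demo(secret=0xBEEF):
    break_a = lambda o: exhaustive_break(enc_a, o)   # black box against A
    break_b = lambda o: exhaustive_break(enc_b, o)   # black box against B
    got_a = break_a_via_b(lambda x: enc_a(secret, x), break_b)
    got_b = break_b_via_a(lambda x: enc_b(secret, x), break_a)
    return got_a, got_b            # keys recovered through each reduction

if __name__ == "__main__":
    print(demo())
```

Neither direction says anything about how strong A or B is in absolute terms: both toys fall to exhaustive search, and the reductions only show that they fall together.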

