[Courses] [security] Crypto Scientists Crack Prime Problem
Cynthia Grossen
cgrossen at lans.mha.org
Tue Aug 13 17:00:15 EST 2002
> 2. have you heard about the 'Expert Encryption System' ? Some info is
> here : http://www.chantilley.com/html/news3.htm Is it any good?
I hadn't run across it before, I don't think. I'd have to see
details on how it actually works before I could offer an opinion as to
whether it's likely to be any good. The ITU citing is a good thing, but
so much of good crypto is in the implementation. I'd have to see
details.
----------------------
I haven't ever heard of it before either, but after reading the press
release, snake oil comes to mind.
They throw in some acronyms b/c no security system is complete w/o acronyms.
[Expert Encryption Standard (XES) and Appropriate Key Management (AKM)]
Neither one really says anything either. What exactly is appropriate key
management? Is that like not storing your key in a file named 'secret
encryption key here'? And expert encryption system has a nice sound to it.
If you do a google on it you get nothing, so no papers about it, that's a
big warning sign. Same with "Appropriate Key Management".
A search on the good doctor (Dr. W. M. Hawthorne Chantilley) reveals nothing
except the company website and the press release. Bad, bad. Where does he
work? (which university or gov't agency) and what papers has he written?
After looking at their website I did find some papers:
http://www.chantilley.com/html/papers.htm, if you're interested they aren't
long. I don't really know enough math to evaluate them so I won't.
It looks like the idea of one-time pads plays heavily in their algorithm and
it also looks like they are using a pseudo-random number generator to
create the one-time pads. Which is suspect in my book. The paper that I
looked at about the generator implies that it's showing a 'dumbed-down'
version though.
They mention patents and that always sets off alarm bells for me, but at
least they don't talk about "proprietary encryption protocols".
Also the ITU citing references a facsimile protocol, and I don't generally
think of faxes as needing a high degree of security and I also wouldn't want
a heavy-duty algorithm for that purpose b/c it would increase the price of
the fax machine too much and decrease performance. You need a processor
powerful enough to encrypt and decrypt on-the-fly, and even then it still
takes some time.
"Even with a key strength of up to 1152-bit currently it runs over 20 times
faster than DES and at 1152-bit it is so secure that it would take a very
long time to break. How long would it take to break XES 1152? Dr Hawthorne
explains: "Suppose that, at some future date, computers were so powerful
that they could break AES256 in one second then it would still take, on
average, 10^262 years to break XES1152 (that's "10" followed by 261 zeros).""
-- this is meaningless. DES has been out of date for at least the last ten
years and really more like twenty. They do mention AES but there is not
enough info there to really make any conclusions one way or another, but
I'll put my $ on Rijndael (AES [Advanced Encryption Standard] -- the
replacement for DES), at least that's been looked at by crypto researchers
the world over and vetted by the NSA. Plus there are solid implementations
of Rijndael out there in C and a few other programming languages (for
example FoxPro has an implementation, it's really just a wrapper around the C
code though.)
http://csrc.nist.gov/encryption/aes/rijndael/
As a general rule, if the main source of info about an encryption system is
a press release I take it with a big, huge grain of salt. *like really big*
;)
.cyn.
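
Added example (not part of the original message, and not Chantilley's code): why a "one-time pad" expanded from a pseudo-random number generator is only as strong as the generator's seed, while a truly random pad leaves the unknown part of the message undetermined. The toy LCG, the 16-bit seed and the sample messages are constructed assumptions; nothing here models XES itself.

```python
import secrets

def prng_pad(seed, n):
    """Constructed toy generator (a 32-bit LCG); it is NOT the XES generator."""
    state, out = seed, bytearray()
    for _ in range(n):
        state = (1664525 * state + 1013904223) % 2**32
        out.append(state >> 24)          # emit the top byte of the state
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def recover_seeds(ciphertext, known_prefix, seed_bits):
    """Return every seed whose pad maps the ciphertext prefix to known_prefix."""
    want = xor(ciphertext, known_prefix)  # pad bytes implied by the known text
    return [s for s in range(2**seed_bits) if prng_pad(s, len(want)) == want]

def otp_alternative_pad(ciphertext, other_plaintext):
    """For a truly random pad, some pad explains ANY same-length plaintext."""
    return xor(ciphertext, other_plaintext)

# Constructed sample data: two same-length messages with a predictable header.
MESSAGE = b"FAX HEADER: page 1 of 3 / wire transfer approved"
DECOY   = b"FAX HEADER: page 1 of 3 / wire transfer rejected"
SECRET_SEED = 0xBEEF                      # 16-bit seed, small so the search is quick

def demo():
    # Case 1: "pad" expanded from a seed. Work to break = size of the seed space.
    ct = xor(MESSAGE, prng_pad(SECRET_SEED, len(MESSAGE)))
    seeds = recover_seeds(ct, b"FAX HEADER: ", 16)
    plaintexts = [xor(ct, prng_pad(s, len(ct))) for s in seeds]
    # Case 2: real one-time pad. The same known header leaves the rest undetermined.
    otp_ct = xor(MESSAGE, secrets.token_bytes(len(MESSAGE)))
    alt = otp_alternative_pad(otp_ct, DECOY)
    return seeds, plaintexts, xor(otp_ct, alt)

if __name__ == "__main__":
    seeds, plaintexts, decoy = demo()
    print("seeds consistent with known header:", [hex(s) for s in seeds])
    print("recovered:", plaintexts)
    print("OTP ciphertext also 'decrypts' to:", decoy)
```

The pad length never enters the cost of the search in case 1; only the number of possible seeds does.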