Encryption Security

Irish Girls Encryption Algorithm (Continued)

Steven M. wrote a followup to a recent article about the Girl who discovered a new faster encryption algorithm. It was in all the press recently. There is a new article with a few more details about it. It's not "Better" just "Different". Apparently it's a memory hog for starters. But the article talks about if the algorithm will be publicly released. And it looks like it. It talks about Encryption needing public review. Sorta like source code.
This discussion has been archived. No new comments can be posted.

  • Please turn down your keyboard...
  • so what are we talking about "hog" here? [...] i'm asking cause i don't know.

    You're asking because you haven't read the article...one of the few things that it does explain is that the cyphertext is about 5 times larger than one produced by RSA from the same cleartext.

    As usual, commercial news just makes me want to find out what they're really talking about. Does anyone have a source for more detailed information about the algorithm and the people involved?

    Hmm. I wonder if Distributed.Net can help to test this. A brute-force attack would prove nothing, though, so there'd have to be something cleverer going on...perhaps working transformations on very large matrices? Hell, I dunno how parallelizable that sort of job might be...

  • Sure, but maybe there's some secret weakness in
    her math that means you can crack the code quickly
    by using a larger matrix, somehow.

    I'm just making that up -- the example was an
    attempt to imagine what, other than brute force,
    one might attempt to use to compromise an
    encrypted message (or, in this case, the algorithm).
  • Think about it -- if it were a 16-year-old Irish
    boy who came up with this algorithm, would it be getting nearly the publicity it's getting now? It's not news because it's better encryption. It's news because it's a woman ... and the boys' club refuses to admit that it just might be better than anything they've ever done.

    You have a short or very selective memory.

    On August 11, 1998, Slashdot posted a story about a British teen (male) who claimed to have invented an 'unbreakable' 2048bit cypher. The discussion was remarkably similar to this one.

    You also apparently know nothing about cryptography or cryptanalysis and the process that a proposed cypher must go through before anyone in their right mind would use it. No matter who designed it.

  • I'm 16 and I'm very interested in computers...the hardware a tad more than software. (Funny, as I write this I'm preparing to take my midterm on C++ - hehe). Anyways, I tried following reading the TwoFish documentation; however, I don't understand some of the terms in it. I read somewhere (more like everywhere) that Bruce's Applied Cryptography book is a very great read for extreme beginners such as myself. I have a rather strong math background (taking High School Calc now). Although, I'm willing to bet that almost none of the math I learned is the type of math involved with Encryption. I tried to take Vector and Matrix Algebra; however, I was the only one who signed up for the course. My township's Board of Education is total garbage (and according to Howard Stern, a bunch of white nazis because we had school on Martin Luther King Day), and they didn't think it was smart to pay a teacher to teach one kid. (Although, that class would quickly rule and I'd learn everything being that it's probably one of the only classes in the country that has a 1:1 teacher to student ratio *grin*). Anyways, I'm thinking about picking up Bruce's book and reading it; however, I dunno if I'll be able to follow all of this advanced stuff. Any more suggestions? I'd really like to learn what she knows or at least half. Maybe even aid in the peer critique process. (Maybe in its last year after I read about 50 books...)

  • Oh no! Microsoft has just come up with their usual knock-off clone of this encryption technology! Fortunately, the ROT26 source code [min.net] has made it to the outside. Go to hell, Billy!
  • RSA is calling for it to be open sourced, and subject to a lot of peer reviewing. That would be a good thing, especially with how PGP got reviewed. And since she's in Ireland, it should be OK to export the source code (if not she can mail off printed copies!)

  • The headline, at first glance, reads "Irish Girls Encryption." I thought this was some kind of new VR porn game or something.

    Rob, watch your punctuation. ;)

  • please try to stay vaguely on topic. and more childish ranting about microsoft is just plain boring.
  • In his State of the Union address last night, Bill Clinton said:
    "Stability can no longer be purchased at the price of liberty".

    He was talking about China.

    I think this should also apply to his Crypto policy.
  • By making the cryptotext bigger, you're increasing redundancy--no way about it. This is intrinsically insecure. Still, 2x2 matrices--wow! At very least it's an interesting new perspective on crypto methods.
  • If she doesn't would anyone else be able to in
    the future, or would it become prior art after
    being published (she said she was planning on
    publishing it for crypto 99.)

    She is awesome!

  • In what way is this one of the cases where
    redundancy has increased? A more detailed
    description would be interesting.

    Thanks
  • You said...

    By making the cryptotext bigger, you're increasing redundancy--no way about it. This is intrinsically insecure.

    I reply...

    Bigger is not necessarily more insecure. For example:

    YES vs. 250519

    The latter is the former expressed in alphabet placement--Y is the 25th letter of the alphabet, E is the 5th, and S is the 19th. The former is a significantly more insecure transmission despite its smaller size. Entropy specifies a minimum size, but not all additional noise contains data.

    Once you pull the pin, Mr. Grenade is no longer your friend.
  • Pardon my naïveté, but is faster necessarily better? Would that not make it more vulnerable to brute-force attacks such as those done by distributed.net?
  • Encryption algorithms are not word processors. They are mathematical approaches, and like any other academic progress are pretty much useless unless published and criticized.

    I congratulate Sarah for being level-headed and open, and for looking to publish her results. She does indeed have a bright future.

    The press deserves a hearty slap with a moldy trout for truly lousy reporting. You wouldn't report a cancer cure this cavalierly, would you?
    there.
  • Anyone with a little knowledge about crypto
    knows that algorithms need to stand the test
    of time before they can be taken seriously.
    And when did we start to take our news from
    the mainstream press? Slashdot is getting
    worse every day.
  • by drig ( 5119 )
    It's not a hog in the sense of taking 32 megs of RAM. It's a hog in the sense that the ciphertext is large.

    If you encrypt a session key with a 1024 bit RSA key, the ciphertext will be at most 1024 bits big. If you use this woman's algorithm, it'd be either 4096 bits (which makes sense to me, being a 2x2 matrix) or 8192 bits (which is what the article said).

    The problem here is this means a larger message to send across the wire. But, not so much larger that the algorithm is useless. I mean, 8192 bits is 1K, which is smaller than most images on the net, smaller than most text-only email messages, for that matter.

    The speed isn't a very big issue either. 20x faster than an RSA encryption sounds good, but it doesn't mean much. You do one RSA encryption per session. The encryption generally takes the better part of a second. From 1 second to .05 seconds, once per email or SSL session, doesn't really matter all that much, IMNSHO.

    The big deal with her invention is that it isn't patented, and that we obviously have a brilliant girl on our hands. If she can do this now, watch out for her after she's had a real education. Even if the security is totally flawed, she has impressed Ron Rivest with her knowledge of number theory. I don't think I had even heard of number theory when I was 16.
  • The "bashing" of this algorithm has nothing to do with the fact that the author was female. It is standard practice to subject any crypto algorithm to peer review before using it. Proving the security of an algorithm is tough or impossible. Thus, you generally try to break it before you blindly accept that it works.

    Claiming that the author has no peer is simply silly. Saying that the men and women whose works are the basis for all information security today (including people like Ron Rivest, Taher El Gamal and Whit Diffie) are not good enough to look at the work of the author is completely ridiculous.

    Furthermore, your attitude is not only wrong-headed, it is dangerous. To accept this algorithm _before seeing the math and/or code_ simply because the author is female is a recipe for disaster.

    You seem to think we are attacking this girl. That is not the case. We are attacking the press who've heralded this algorithm as the next big thing without doing the proper research. We are treating the author's work in the only responsible manner; by refusing to use it until it has undergone intensive study and testing. This peer review has been applied to every algorithm we use (including RSA and DES...the most popular asymmetric and symmetric algorithms) and continues to be applied (see the articles on the EFF's awesome Deep Crack and the DES III challenge as well as Daniel Bleichenbacher's latest results against RSA with PKCS1 padding).

    Your attitude is that of an uneducated child, attacking that which you know nothing about. Please educate yourself before you outdo the imbecility done by the press.
  • While new crypto needs to be peer reviewed, I think RSA might have their own reasons for wanting to see the code. This could be a direct competitor to RSA (the algorithm) which RSADSI has patented, not to mention a stranglehold on the world's e-commerce systems. If RSADSI sees the code they will do one of two things. If they can cryptanalyze it, they will make a massive press release saying "RSA Is Still The Best!!". If they can't, they will quickly usurp it and probably try to get Sarah to patent it for them. Remember, RSADSI's patent on RSA expires next September, so they will be looking for a new cash cow.
  • Ziff-Davis is living up to its reputation for being a mouthpiece for corporate interests. Did anyone else notice that RSA seems a little concerned by a public key encryption algorithm that they can't get royalties from? I think it's very obvious to everyone in the programming community that this new algorithm needs to go through the peer review process, but that doesn't make it any less remarkable. I especially loved the complaint that the ciphertext produced by the algorithm was larger than the one produced by RSA. I think RSA should simply accept the possibility that an algorithm could come from somewhere else than their ivory tower.
  • Are we using the most-significant-bit as a modus? If so, then 0xFF is *less* than 255 decimal since it is actually -127. =)
  • While I agree with RSA's assertion that we must test and examine this algorithm stringently, how many times have Microsoft's FUD assertions been somewhat true, but angled in such a way to threaten the technology? I am merely pointing out that RSA has probably even more interest in scaring people away from a possible public-key encryption algorithm which could be freely licensed than they do in proving the frailties of 56-bit DES. (See also DES-III challenge.) This would break their stranglehold on public-key encryption algorithms in the public eye, making it possible to develop for-profit software that doesn't pay a royalty to them.
    The points they made were valid, it's just that we have to keep an eye on the reason *why* they made them. I don't know the people at RSA personally, but with business and profit comes marketing.
  • Unless it's implemented in public domain software, it falls under one of Wassenaar's categories. So far as I remember, encryption software is explicitly mentioned in the government export control listings.

    I could be wrong but hey! if that were so then the world would be a better place, so I'm probably not.


    K.
    -
  • I tell you the truth, my biggest obstacle to learning math was my professors and my math text books.

    #1 Boring, they don't ever apply it to kewl stuff.

    #2 Ask the prof a question that is kewl and their eyes glaze over.

    #3 The jargon. It isn't like puter jargon that is kinda hip and easy to learn, it gives you a headache remembering words you can't say. Why don't they label things w/ words we can enjoy, 'scuzzy', 'pizza boxes', 'male-female coupler'.. know what I'm saying?

    Y'know I was always great at visualizing logic and inventing my own formulas for solving problems but math teachers flunk you for this even if you can prove it works. Blah math.
  • I'm inclined to agree with you. It seems that they are getting more than a little defensive. This sudden push to have the source code released and "tested" leads me to believe that they want a piece of the proverbial pie.

    I am really happy for Sarah and I wish her all the best in the future! Way to go!
  • If you publish something, it is automatically copyrighted, and you own full rights to the copyright.
  • About half way down the page of this article [independent.ie] is the quote

    ''To be honest, I was just avoiding the issue because I didn't know anything about patenting, she giggles. But I do now. And I will be looking into that.''
