Talk:Cryptanalysis: Difference between revisions
From Wikipedia, the free encyclopedia
Revision as of 21:54, 6 March 2010

Article needs work

This article seems a bit incoherent. What's this "two-key" stuff? You mean public key / asymmetric cryptography, or what? And "one-key" means what? Symmetric cryptography?

Also, chosen ciphertext and chosen plaintext attacks are different for symmetric crypto. For symmetric crypto, attacks are: ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext (in order of increasing strength.) For asymmetric, the three main attacks are: known-plaintext, chosen-ciphertext and adaptive chosen-ciphertext.

This page needs to be rewritten by someone who knows what they are talking about (I know enough to know this page is awful, but I'll leave fixing it to those more knowledgeable than I...) -- SJK

What to do about cryptanalysis assumptions?

There are some short stub-esque pages on the various types of cryptanalysis attacks: known-plaintext attack, chosen plaintext attack, ciphertext-only attack, chosen ciphertext attack, adaptive chosen ciphertext attack. They are all quite short and similar, and it's unlikely they'll ever expand into longer articles. Some options:

  1. Keep the short pages. If this was the case, you'd want to add things like "adaptive chosen plaintext attack" and "related-key attack" and (believe it or not) "related-cipher attack".
  2. Merge them all into a Scenarios for cryptanalysis article.
  3. Merge them all into cryptanalysis.

I'd favour doing 2., seeing how long the article is, and then deciding whether to do 3.

Matt 02:59, 13 Mar 2004 (UTC)

Matt, I think keeping (and adding to) the stubesque pages makes some sense, when combined with 2. The problem is that no _real_ sense of the operation of cryptanalytic technique can be anything less than detailed -- probably far too detailed for a WP article, even a technical one. But any attempt to do so, which I would nevertheless encourage (it might be possible for one or another technique), should be kept quarantined. More or less the way the mathematics or physics people have done in some cases.

Nevertheless, an overview of cryptanalysis (how to think about it, how to consider choosing an attack technique, what information is needed to decide, ...) would be useful. Both to the somewhat curious reader (more ambitious than the average) and to the serious reader. It's hard to keep the abstraction levels straight when thinking about crypto generally and about cryptanalysis in particular, so whatever illumination is possible would be well, even for the serious reader.

Comments?

ww 16:09, 15 Mar 2004 (UTC)

The modern treatment of this stuff is in terms of the random oracle model. There should definitely be an article explaining terms like IND-CPA and IND-CCA security (CPA=chosen plaintext attack, CCA=chosen ciphertext attack, etc). But it shouldn't be in the main cryptanalysis article. I've been wanting for a while to write something on those topics but I'm too busy right now. Rogaway and Bellare have an excellent downloadable textbook that I'll try to add a link to. Phr 08:41, 16 February 2006 (UTC)

Presumably this is the text-book http://www.cs.ucsd.edu/~mihir/cse207/classnotes.html --AWZ (talk) 19:16, 3 February 2008 (UTC)
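To make the IND-CPA term mentioned above concrete, here is an added worked example (written for this talk page, not taken from the article or from the Bellare-Rogaway notes): the chosen-plaintext indistinguishability game run against two toy symmetric schemes. The scheme names, the adversary and the sample messages are constructed for the illustration. The first scheme derives its keystream from the key alone, so it is deterministic; the second prepends a fresh random IV and mixes it into the keystream. An adversary with only chosen-plaintext access breaks the deterministic one every time by asking the oracle for the encryption of its own m0 and comparing it with the challenge; against the randomized scheme the same strategy does no better than a coin flip.

```python
import hashlib
import random

BLOCK = 16  # key, IV and message length in bytes for this toy


def _rand_bytes(rng: random.Random, n: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(n))


# --- two constructed symmetric schemes with the interface enc(key, msg, rng) -> bytes ---

def enc_deterministic(key: bytes, msg: bytes, rng: random.Random) -> bytes:
    """Keystream = SHA-256(key); stateless, so equal (key, msg) pairs give equal ciphertexts."""
    stream = hashlib.sha256(key).digest()
    return bytes(m ^ s for m, s in zip(msg, stream))


def enc_randomized(key: bytes, msg: bytes, rng: random.Random) -> bytes:
    """Fresh random IV per call; keystream = SHA-256(key || IV); IV is sent in the clear."""
    iv = _rand_bytes(rng, BLOCK)
    stream = hashlib.sha256(key + iv).digest()
    return iv + bytes(m ^ s for m, s in zip(msg, stream))


# --- the IND-CPA game: challenger picks key and bit b, adversary gets an encryption oracle ---

def ind_cpa_game(enc, adversary, rng: random.Random) -> bool:
    """One run of the game. Returns True if the adversary's guess of b is correct."""
    key = _rand_bytes(rng, BLOCK)
    b = rng.getrandbits(1)

    def oracle(m: bytes) -> bytes:          # chosen-plaintext access, before and after the challenge
        return enc(key, m, rng)

    m0, m1 = adversary.choose(oracle)
    assert len(m0) == len(m1), "challenge messages must have equal length"
    challenge = enc(key, (m0, m1)[b], rng)
    return adversary.guess(oracle, challenge) == b


class RepeatQueryAdversary:
    """Encrypts m0 through the oracle, then checks whether the challenge is that same ciphertext."""
    M0 = b"ATTACK AT DAWN.."   # constructed 16-byte messages
    M1 = b"RETREAT AT DUSK."

    def choose(self, oracle):
        self.c0 = oracle(self.M0)
        return self.M0, self.M1

    def guess(self, oracle, challenge: bytes) -> int:
        return 0 if challenge == self.c0 else 1


def win_rate(enc, trials: int = 400, seed: int = 1) -> float:
    """Fraction of games won over `trials` runs; 0.5 is guessing, 1.0 is a total break."""
    rng = random.Random(seed)
    wins = sum(ind_cpa_game(enc, RepeatQueryAdversary(), rng) for _ in range(trials))
    return wins / trials


if __name__ == "__main__":
    print("deterministic scheme, adversary win rate:", win_rate(enc_deterministic))
    print("randomized scheme,    adversary win rate:", win_rate(enc_randomized))
```

The point of the definition is visible in the code: the deterministic scheme is not "broken" in the sense of leaking the key or the plaintext, yet it fails IND-CPA because a ciphertext reveals whether a message has been seen before. That is exactly the kind of information leak the deduction-style definitions elsewhere on this page are about.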

Can somebody check the link on "Shannon Information" (the Shannon part)? It used to point to a disambiguation page. I've changed it to what I think is the right person, but I'm not completely sure... Ealex292 02:12, 10 Apr 2005 (UTC)

I've never heard the term "Shannon Information" before, but from context it just means the cryptanalyst has gained information that lowers the effective Shannon entropy of the (unknown) plaintext. For example, suppose you have a ciphertext and you know that the plaintext was written in either English or French, but you don't know which, and you consider both equally likely. If you have a statistical method that doesn't yield any plaintext, but can determine from the ciphertext that the plaintext is 65% likely to be English, that would be an information deduction attack. In general, perfect security means that for a given ciphertext, all plaintexts are equally likely. Any algorithm that discloses that some plaintexts are more likely than others is an attack. Phr 08:38, 16 February 2006 (UTC)
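An added worked example of the "all plaintexts are equally likely" criterion described above (constructed for this talk page; not Phr's code and not from the article): for two toy ciphers over the 26-letter alphabet, a single shift applied to every letter versus an independent shift per position (a one-time pad), the code enumerates the key space and computes the exact posterior distribution over all two-letter plaintexts given one intercepted ciphertext. The ciphertext "kh" and the small set of "English" two-letter words used as the class label are constructed for the illustration. Under the pad the posterior equals the uniform prior, so nothing is deduced; under the single shift 650 of 676 plaintexts are ruled out and the probability that the message is "English" moves from the prior 12/676 to 3/26, which is precisely the information-deduction attack the comment describes.

```python
from fractions import Fraction
from itertools import product

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
IDX = {c: i for i, c in enumerate(ALPHABET)}

# Constructed label set for the "which language is it?" deduction: a dozen
# common two-letter English words. Anything else counts as "other".
ENGLISH_WORDS = frozenset(
    ["if", "he", "by", "an", "at", "to", "of", "in", "is", "it", "on", "or"])


def caesar(pt: str, key: int) -> str:
    """Toy cipher 1: the same shift applied to every letter (26 keys)."""
    return "".join(ALPHABET[(IDX[c] + key) % 26] for c in pt)


def otp(pt: str, key: tuple) -> str:
    """Toy cipher 2: an independent shift per position, i.e. a one-time pad
    over the 26-letter alphabet (26 ** len(pt) keys)."""
    return "".join(ALPHABET[(IDX[c] + k) % 26] for c, k in zip(pt, key))


def all_plaintexts(n: int) -> list:
    return ["".join(t) for t in product(ALPHABET, repeat=n)]


def otp_keys(n: int) -> list:
    return list(product(range(26), repeat=n))


def posterior(encrypt, keys, plaintexts, ciphertext: str) -> dict:
    """P(plaintext | ciphertext) for a uniform prior on plaintexts and keys.

    Bayes: P(m | c) is proportional to P(m) * P(c | m), and P(c | m) is the
    fraction of keys carrying m to c, so with a uniform prior the posterior
    is the normalised count of matching keys per plaintext.
    """
    counts = {m: sum(1 for k in keys if encrypt(m, k) == ciphertext)
              for m in plaintexts}
    total = sum(counts.values())
    return {m: Fraction(n, total) for m, n in counts.items()}


def ruled_out(post: dict) -> int:
    """Number of plaintexts the ciphertext proves impossible (posterior 0)."""
    return sum(1 for p in post.values() if p == 0)


def class_probability(post: dict, members) -> Fraction:
    """Posterior probability that the plaintext lies in a labelled class,
    e.g. 'the message is English'."""
    return sum((p for m, p in post.items() if m in members), Fraction(0))


if __name__ == "__main__":
    pts = all_plaintexts(2)
    c = "kh"                                   # the intercepted ciphertext (constructed)
    prior_english = Fraction(len(ENGLISH_WORDS), len(pts))

    post_caesar = posterior(caesar, range(26), pts, c)
    post_otp = posterior(otp, otp_keys(2), pts, c)

    print("prior P(English) =", prior_english)
    print("single shift: ruled out", ruled_out(post_caesar), "of", len(pts),
          "plaintexts; P(English | c) =", class_probability(post_caesar, ENGLISH_WORDS))
    print("one-time pad: ruled out", ruled_out(post_otp), "of", len(pts),
          "plaintexts; P(English | c) =", class_probability(post_otp, ENGLISH_WORDS))
```

The posterior is computed exactly with rationals rather than estimated, so the "perfect secrecy" condition can be checked as an equality: a scheme is perfectly secret for this message space exactly when the posterior returned for every ciphertext is the uniform prior, which is what the pad achieves and the single shift does not.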

History of cryptanalysis

I see that a large chunk of the article was just removed. For what reason? — DAGwyn 19:01, 6 April 2007 (UTC)

animal behavorial cryptanalysis

I removed a tag pointing to other species signs and signals. This is so wide a divergence in the sense of cryptanalysis as to be out of context entirely. Linguistically embedded metaphor being not entirely rational, I'd further observe that this meaning of the term is entirely unknown to me. ww 11:13, 26 May 2007 (UTC)

Thanks. You don't actually have to justify the reversion in the Talk page; Wikipedia editors constantly revert "random" additions that make no sense (in addition to obvious instances of vandalism). Usually just a brief reason in the "Edit summary" box will suffice. — DAGwyn 05:45, 27 May 2007 (UTC)
Actually, I realize that, but I've never bothered to figure out how to add an edit summary to a 'rollback' action. Usually I don't bother, as I did in this case, to explain further, but there is/was an actual point to the tag, just more than a little off any sensible target. Thus... ww 10:50, 27 May 2007 (UTC)

Characterisation of attacks (deduction vs induction)

I hope I'm not being too picky, but I question the use of the word "deduce" in the context of cryptanalysis. It is my experience this is primarily an inductive process based on guesses and experimentation. There can be very little information at the beginning of an attack; certainly not enough to solve the system in the way deduction demands. The analyst usually looks for possible known algorithms or mathematically simple methods, which is really more of an inductive process. I'd like to see the wording changed so this is more clearly reflected. I'm not going to change it myself, because I don't feel it is my place. I just wanted to throw this out to the WP community. —The preceding unsigned comment was added by Mbset (talk · contribs).

There are elements of both induction and deduction involved, also plain guesswork (confirmed by results). — DAGwyn 16:20, 21 August 2007 (UTC)
"Deduce" is correct. One has to distinguish between finding an attack against a cryptosystem (i.e., developing an algorithm) and performing the attack (i.e. running the algorithm). While finding the algorithm might be an inductive process, running it is not. The article talks about what the result of the attack is (e.g. key, plaintext etc.). Hence the article is describing what the output of running an algorithm is. 169.231.5.121 07:42, 22 August 2007 (UTC)
If we were to accept that strange model of cryptanalysis, then the "deductive" part would be of little interest anyway. — DAGwyn (talk) 17:37, 14 March 2008 (UTC)
  • Bizarrely, the article fails to address the legal aspects of what is essentially codebreaking or cracking the code, which assumingly is illegal (whereas Cryptography#Legal issues involving cryptography has such a section). I suppose there have been some international conventions prohibiting this. Back in the Soviet time, the students at the KGB Higher School trained in this were referred to only as mathematicians, I understand exactly for legal reasons. Muscovite99 (talk) 23:08, 3 January 2009 (UTC)
There is no legal standpoint on codebreaking in the UK, and as far as I'm aware there isn't one in the USA either. Legal protection only applies to the data that was encrypted. Obviously if it was government classified or covered by the official/trade secrets acts the unauthorized decryption of such data would be illegal. In most cases it's what you do with the data you get that is covered by law. It is not illegal to break the encryption of an SSL connection, but it is illegal to use someone's bank account details to fraudulently obtain money. However, breaking encryption at work would probably be considered a fireable offence and you wouldn't stand a chance if you tried to take them to court over illegal dismissal. It also may be considered a breach of your ISP's terms and conditions if you try to break encryption of data sent over the internet. 86.14.89.251 (talk) 19:39, 6 January 2009 (UTC)
Far from being bizarre, when there is nothing useful to say it is best to say nothing. In particular we need to be careful not to offer legal advice, since we are not licensed to do so. — DAGwyn (talk) 15:43, 11 January 2009 (UTC)

Putting attacks in perspective

Seems like it could be useful to provide some concrete examples of attacks on modern algorithms, to complement the sort of abstract section in there now that's describing how attacks can be useful or not.

So, we could list the various attacks that have been effective (breaks in weak DRM/closed crypto, badly broken ciphers, the 2008 MD5 break, the RC4 WEP crack, etc.) or at least demonstrated in theory (DES linear cryptanalysis, SHA-0 collisions) and compare them to cryptanalysis that at least isn't yet a threat to real cryptosystems even if it's academically important (the related-key attacks on reduced-round AES, the inapplicability of DES attacks to 3DES, SHA-2 attacks, etc.).

The other thing that I'm reminded of while writing that is that we should have a shout out to protocol/application breaks that aren't algorithm breaks, with examples. Maybe there's a good Wikipedia article on protocol attacks? Haven't looked.