Talk:Cryptography: Difference between revisions

From Wikipedia, the free encyclopedia
Phr (talk | contribs)
No edit summary
Phr (talk | contribs)
No edit summary
Line 186: Line 186:
::I agree that a general Cryptography article does not need to get into an obscure issue of assigning credit like this. But if the article says anything, then it should be something that is verifiably correct. That is why I favored just saying that IBM knew about DC, without explaining how IBM got that knowledge. [[User:Schlafly|Roger]] 08:24, 19 August 2006 (UTC)
:::Yes, I'm fine with that, given our current state of knowledge. If Levy writes back to me and says he got the story from Tuchman (or somewhere else that sounds reasonable), then I think we should restore the old wording (crediting IBM per Levy's book), since we don't have anything contradicting it. There's also that Senate hearing, has anyone bothered to look at the transcript? [[User:Phr|Phr]] ([[User talk:Phr|talk]]) 09:39, 19 August 2006 (UTC)

I heard back from Levy; he stands by the story in the book. He says it was informed by people with first-hand knowledge of what happened, as well as documents. Roger, you mentioned a while back that your doubt came from Coppersmith's Crypto 2000 lecture. If you go to Crypto next week, maybe you could ask the organizers if a tape is available. That's the only way we can get to the bottom of this. Otherwise I think we should go with what Levy's book says. [[User:Phr|Phr]] ([[User talk:Phr|talk]]) 07:55, 20 August 2006 (UTC)

Revision as of 07:55, 20 August 2006

This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article is supported by WikiProject Computer science.

Congrats

Congrats to the editors of this article for the FA status, Great work!--ppm 19:22, 3 July 2006 (UTC)[reply]

copyedit

Someone run this through a spell check please. 134.193.168.251

Someone needs to check this article's image in the top right corner. It displays both a crypto machine (the image it should be) and an adult nude image. If you refresh the page in your browser or go back and forth from the main wiki page it will show up. Seems someone's hidden one beneath the other. Sorry I didn't know where else to report this abuse. Hope it will be removed soon. —The preceding unsigned comment was added by 62.254.72.122 (talk • contribs).

FA

I'm back after an absence--congrats on reaching FA, and especially for the revisions of the early sections (intro and history), which are well done. I think we need some more coverage of crypto theory, both in this article and in Wikipedia in general. We have some beginnings but Wikipedia is still nowhere near as strong in this area as it is in (say) general math topics. There's no good reason for that--crypto theory isn't less comprehensible than, say, homology theory. I'll contribute what I can but I'm just a coder. I wish that the real experts here would get more involved in this area, and that more such people would join in. --Phr (talk) 06:33, 10 July 2006 (UTC)[reply]

Phr, I'd object to your self-characterization as being "just a coder". Coders of the world unite, for the world's embedded intelligence toys and other cyber stuff depends on us!!!
More seriously, the problem is not so much the incomprehensibility of crypto theory, it's in the application and vulnerability analysis. The engineering side, if you will. That requires a certain amount of twisted brain wiring, which isn't so common. Probably fortunately, as we cryptiacs are, to tell an uncomfortable truth a la EWD, usually just a little 'different' than the usual run of technical folk. The plenitude of crypto snake oil, not all of it from identifiably Bozo Crypto organizations either, argues that fuller understanding is rather more scarce on the ground than is an understanding of the underlying mathematics and source code. Even Bruce Schneier has come to the conclusion that mechanism is the lesser part of security; see his more recent books, save Practical Crypto which he and Ferguson think is sort of Applied Crypto updated.
All that said, I agree that more coverage of theoretical crypto would be a good thing. But, unlike maths, the surrounding context (inescapable for serious accounts) is actually hard to convey without leaden prose, which WP should eschew. Non-trivial experience speaks here. Contingency, especially with regard to intention (something everyone has 'strong understanding' of), is quite hard to deal with. ww 15:27, 10 July 2006 (UTC)[reply]
I'm not sure what you mean. Rogaway and Bellare's book is pretty accessible to readers with a reasonable math background. It's a CS theory book, not an engineering book or security book. But anyone working seriously in cryptography has got to know this stuff, and WP's coverage is quite weak. We can't address problems in applying the theory unless we first know the theory. I have Practical Cryptography and am not all that impressed with it, by the way. Phr (talk) 11:06, 16 July 2006 (UTC)[reply]
Phr, Just noticed this, sorry. I agree with much of what you say, but note that WP is not an instructional book. We're not trying to 'address problems in applying the theory' here, just write up knowledge in a somewhat choppy form. So it's not a disaster if the theory isn't presented as a text would, especially since we're writing not for students but for the Average Reader I keep speaking up for.
You know, encyclopedias are a little weird. Chunks with little connection to others; WP improves on this with the linking business, but lets just anyone edit anything. Which leaves the informed on more or less permanent clean up detail.
As for PC, what's your objection? It seems to me to tell some unpleasant truths (a la EWD's famous note) in the context of some practical advice on design. You don't like the absence of theory? Or what? ww 04:39, 23 July 2006 (UTC)[reply]

NPOV re encrypted Nero reference

In "History of cryptography and cryptanalysis" it reads in part "For instance, early Christians used cryptography to obfuscate parts of their religious writings to avoid near certain persecution they would have faced had they been less obscured; famously, 666, the Number of the Beast from the Christian New Testament Book of Revelation, is sometimes thought to be a ciphertext referring to the Roman Emperor Nero, one of whose policies was [1]persecution of Christians."

I do not believe this conforms to a Neutral Point of View. It clearly takes a side in one of the most fiercely debated books of the Bible, Revelation. For another view, see [[1]]. I propose that this section be deleted, unless it can be rewritten to conform to a Neutral Point of View. And if it can, I don't see the point of even mentioning a minority interpretation of a religious text in a non-religious article. Tmchk 03:23, 23 July 2006 (UTC)[reply]

Do you have a way to make it more neutral without delving into the subject deeply? How about if we said "to be a coded reference" instead of "to be a ciphertext referring to ..."? That is, if we just describe it as a ciphertext without getting into what it's a ciphertext of? Mangojuicetalk 04:02, 23 July 2006 (UTC)[reply]
As it says that some think this way, where's the NPOV? Some do in fact think this way. That others do not is true, but no claim is made here as the actual truth of the meaning meant by the writer. And, in any case, someone has removed a note that an early variant text has 616, which is also generated by an alternate phrase for Nero. This article is taking no stance on any theological question, so I can't see a problem. All that said, this is an awkward sentence and should be rewritten. The 'famously' is wrongly placed. ww 04:27, 23 July 2006 (UTC)[reply]

That seems to work. Although, I still think the line "early Christians used cryptography to obfuscate parts of their religious writings" takes a theological stance, particularly the word "obfuscate", which means "1. To deliberately make more confusing in order to conceal the truth"[2]. Can that really be said to take a NPOV? This suggests that what the Bible says was deliberately altered to conceal the truth. Whether the Bible is the inspired Word of God to be taken literally or simply a collection of religious writings to be interpreted metaphorically is a theological question. I do think that the article can be rewritten, but how do we mention that "early Christians may have used cryptography to obfuscate parts of their religious writings"? Referencing early ciphertexts to show the progression of cryptography makes perfect sense, as long as they can be substantiated. But what is the reason for referencing an interpretation of the Bible? I know of no primary sources that would indicate that the Number of the Beast was a reference to Nero. Granted, there are secondary sources, but if it was true that 666 refers to Nero, then why is it that those who believed so (assuming that there were those that believed so), contemporary to the time, just happen to leave no surviving record? Tmchk 03:13, 24 July 2006 (UTC)[reply]

In the absence of such report, the meaning of such an encryption is likely to be subject to controversy. However, a long-standing Hebrew tradition of associating numeric values with letters does result in 666 when applied to a common phrase referring to Nero. And a possible less common phrase for Nero also generates 616 (recently turned up in a variant text of Revelations). Seems plausible / possible, if not definitive, that is what accounts for such odd numbers in the midst of otherwise apocalyptic text.
As for the motivations (or lack of contemporaneous references explaining the whole thing), well... There was a considerable danger in saying things about the Emperors and the Roman government. You could be killed in quite unpleasant ways as the government took steps to prevent the spread of dangerous viewpoints. So concealment of your true meaning, and not mentioning that meaning in otherwise acceptable writing is not at all hard to understand. And if anyone actually did mention it, there's a good chance the material has not survived; lots of stuff has been lost.
The point of mentioning this is not to take a theological stance, or even to assert that THE MEANING OF 666 (or 616) IS <something or other>, but to note that there is a non-trivial chance that it might be and the crypto was used for such purposes in yet another context long ago.
We might have used the encrypted glaze formula some Mesopotamian potter wrote down (encrypted) also, or the more troublesome as an example of confidentiality, encrypted hieroglyphic inscriptions from the Old Kingdom.
I conclude the example is innocent, and that none have grounds for taking umbrage. ww 16:03, 24 July 2006 (UTC)[reply]

Rivest photo

Nothing against Rivest but we've credited the public-key concept to Diffie and Hellman; shouldn't we use their photos instead of Rivest's in that section? Phr (talk) 07:25, 10 July 2006 (UTC)[reply]

Sure, and we should find contrasting photos. Wild man Diffie, and button down Hellman. Anyone have any sources? But what about Williamson and Cocks and Ellis? ww 15:33, 10 July 2006 (UTC)[reply]
DH's contribution was first, but to be fair, Rivest is more important than either of them. However, the picture is a bit boring; I just added it during the WP:FAC b/c of some of the comments, and because we already had the picture and it had a free license. Mangojuicetalk 16:59, 10 July 2006 (UTC)[reply]
There are pictures of Diffie and Hellman in their articles. I think the Rivest picture just jarred me because it was overlarge. I removed the size tag so it shows up at the default size now, which looks better IMO (at least with my default settings). If I go to Crypto 2006, I can shoot some more pictures (D and H both usually attend). I don't see how Rivest is more important; if the RSA algorithm was never discovered or didn't work, we'd be fine; DH turns into a public key algo in the obvious way, and we'd presumably still get El-Gamal signatures a while later, or at worst we could sign with Merkle hash trees. Phr (talk) 22:08, 10 July 2006 (UTC)[reply]

Cipher vs. Cypher

Can we split that issue off into a separate article? E.g.:

Main article: cipher vs. cypher spelling controversy

which could have its own illustrations and subchapters? I really want to remove it from the cryptography overview article. It's just not significant. Phr (talk) 10:55, 16 July 2006 (UTC)[reply]

I really don't think so. Is it even a notable controversy? Some people are adherents of one, some of the other... isn't that the extent of it? I've altered the text so it just says "A cipher (or cypher)..." as the extent of covering this. It mentions the alternate spelling, I think the alternate spelling is important enough to mention, but this article is not about whether people use "cipher" or "cypher". Mangojuicetalk 12:35, 16 July 2006 (UTC)[reply]
Absolutely, it is one of the most vitally important questions of our time. There is going to be a UN resolution about it, I hear. Seriously, I was being facetious, I just thought we had taken the spelling thing out of the article before, and it reappeared and then grew. I just want to get rid of it altogether, but the current version is tolerable. Phr (talk) 18:42, 16 July 2006 (UTC)[reply]
Have to agree with you both. This is the most important Teapot Tempest with which I'm acquainted. But I agree with Phr, we've noted it, and that should be enough to alert our Reader to the whole thing. But perhaps a link to the Project page entry would be reasonable...? Nah...
On another note, Mango, I still haven't gotten my browser to behave and so am quite a good bit behind in looking at changes here. Appeal to technical help here has been unedifying. Perhaps a bug report? ww 20:20, 16 July 2006 (UTC)[reply]
What kind of browser probs? Phr (talk) 04:31, 17 July 2006 (UTC)[reply]
Basically, when looking at a diff, sometimes the width of one side or the other will be unreasonably long, which makes looking at the actual changes difficult. Yeah, maybe a bug report? But really, I don't think it's a bug; you'd be asking for a feature/improvement. Mangojuicetalk 14:34, 17 July 2006 (UTC)[reply]
Mango has it about right save that it's not so intermittent, and makes actually working near to impossible. This is one of the articles it's happening with and it accounts for my having been effectively locked out of reviewing edits and responding to them. Highly annoying. It's only begun to be common in the last few months, having been much less frequent before that. It's becoming unlivable when it occurs. And I haven't been able to make out a pattern sufficient for a responsible bug report. And it would be a bug, because the current status of the feature is highly user hostile. So much so it's a misfeature (=bug). ww 20:26, 17 July 2006 (UTC)[reply]
See: http://bugzilla.wikimedia.org/show_bug.cgi?id=1438 - it may be one of the issues linked from there, and there are some workarounds described. Phr (talk) 23:28, 17 July 2006 (UTC)[reply]

7/21/06 edits

Some notes on my edits today: (1) "cryptography/cryptology" is not analogous to "biography/biology;" I know of no real analogous example, so I took that part out. (2) removed steganography from the "in recent decades" list since that's also an ancient-times development, (3) rewrote the description of stream ciphers for accuracy, (4) removed the bit about Merkle working on PK encryption to a footnote; not that I doubt it, it's just that (a) there's no source for it and (b) this interesting trivia distracts from the flow. (5) I introduce elliptic curve cryptography a little earlier. (6) Removed the term "cillies" though I kept the link; the name is a little too intriguing, and disrupts the flow, but the example is still worth linking to. Otherwise, just minor phrasing and such. Tomorrow (7/22/06) this article will appear on the main page, so I wanted to do a check over and make sure there was nothing embarrassing. Mangojuicetalk 15:58, 21 July 2006 (UTC)[reply]

Oh man, I didn't know about this main page appearance, I guess it's too late to get it postponed, there's really some significant changes I think we ought to do first. (tries to shake off stage fright). I think the biology analogy was strictly with cryptology, and didn't extend to cryptography/biography, but ok. I'll see what quick fixes I can make today. I wish there could have been more discussion beforehand about this main page thing. Phr (talk) 16:13, 21 July 2006 (UTC)[reply]
I too will try to make a last pass, though without much reference to prior posts because I'm still having 'compare' fun. I'll concentrate on small edits and won't change anything large. ww 16:19, 21 July 2006 (UTC)[reply]
Couple things I better ask first before doing: 1) I'd like to remove Cryptonomicon from the further reading section; it's a great novel but cryptography only slightly figures into it. I'm a little worried about that section turning into a spam magnet. 2) I'd like to replace the photo of Rivest in the public key section with one of Diffie and Hellman (I can make a composite image from the separate pics that are in the Diffie and Hellman biographies, so it would still be one thumbnail in the article). Let me know of any objections. Phr (talk) 17:09, 21 July 2006 (UTC)[reply]
I did the photo change. I also rewrote the first paragraph of the public-key section, which previously overstated things somewhat. But the new version maybe isn't strong enough. Please take a look. Phr (talk) 18:22, 21 July 2006 (UTC)[reply]
Actually Cryptonomicon is shot through with crypto (or odd takes on it) and mentions quite a few historical figures. In addition to inventing some. Not sure I'd call it a great novel... I'd keep it, as spam magnitude is not something we can control at all. If something attracts bad posts, we can have an admin lock it down for a while. ww 18:49, 21 July 2006 (UTC)[reply]
Cryptonomicon should probably remain, as it was something that got added b/c of comments during the FAC process. :) But I also think it's appropriate for the list; there isn't much on the lighter side there. I like the new picture. Mangojuicetalk 19:35, 21 July 2006 (UTC)[reply]
I added a link to Wide Mouth Frog for a lighter tone, and if someone thinks we need more, I nominate either Kerckhoffs's entire name (it's a mile long) or a sentence or two in the cryptanalysis section about possible origins of the name bombe (as in Enigma). ww 22:34, 21 July 2006 (UTC)[reply]
I removed that sentence in my latest revision. Wide Mouth Frog (which I'd never heard of; perhaps Needham-Schroeder would be a better choice?) really belongs under "cryptographic protocols", not in the primitives section. Also, I removed the bit about primitives being used to make cryptosystems and digital signatures, because that kinda misrepresents things; those are other types of primitives, really. Also, I remove the disclaimer about ciphers that may use the same algorithm in both directions. Yes, that's true, but it's too detailed for that part of the article. Mangojuicetalk 02:22, 22 July 2006 (UTC)[reply]
All stylistic points, I fear. We've not time enough to settle out on this stuff just now. I strongly disagree with the point about primitives, but it's a point about classification of items in categories mostly. I think not optional, but you clearly have a different classification in your mind for these things. ww 02:36, 22 July 2006 (UTC)[reply]
Clearly, primitives can be used to build everything. However, I don't think the study of how they build everything falls under the heading of cryptographic primitives. Some are clearly under the heading of cryptographic protocols, for instance. Mangojuicetalk 02:48, 22 July 2006 (UTC)[reply]

Let's archive the talk page

We will probably get a lot of new entries tomorrow. Phr (talk) 20:17, 21 July 2006 (UTC)[reply]

The siege has begun. It will take some time to look over them all. Especially with my browser doing the long horizontal with a vengeance. Arise, ye editors!! ww 05:14, 22 July 2006 (UTC)[reply]
Try installing Wikipedia:Tools/Navigation popups, then just float your cursor over the "diff" label in the history list. The only change so far that I take much issue with is someone more or less chopped out the 2nd paragraph about all the different kinds of math used in cryptography. I'm so used to that paragraph (because we all worked on it a lot) that I can't tell if the shorter version is an improvement or not. The old version was definitely long-winded, but I felt it conveyed the sweep of the subject. Phr (talk) 05:22, 22 July 2006 (UTC)[reply]
I felt the same way, but they actually moved the paragraph to somewhere further down. I approve of it, FWIW. Mangojuicetalk 05:40, 22 July 2006 (UTC)[reply]
Done; I archived all sections started in June or earlier. Mangojuicetalk 20:20, 21 July 2006 (UTC)[reply]

CSP article review request

I've expanded a stub that I found about Microsoft Cryptographic Service Providers, based on my unreliable memory of having had to mess with those things years ago. Anyone knowledgeable about them is invited to take a look. Phr (talk) 16:23, 14 August 2006 (UTC)[reply]

change of rediscovered to learned of should be reverted

A recent edit made this change, and the edit summary speculated that perhaps IBM had merely learned of it. My memory is that Don Coppersmith, an IBM member of the Lucifer/DES team, explained publicly that the reason the S-boxes are so resistant to diff crypto is that IBM had discovered it, brought it to NSA's attention, and were told in essence, we know all about it and would appreciate it if you kept quiet about it for national security reasons. Coppersmith made his comments after Biham and Shamir went public with their discovery. Unless my memory has reached new lows in reliability, I think this should be reverted. The IBM folk should be treated fairly. ww 16:45, 17 August 2006 (UTC)[reply]

I am all for giving IBM whatever credit it deserves, but normally people only get credit for what they publish. Claims of unpublished invention should be met with skepticism. If Coppersmith or the other IBM guys claimed to have rediscovered differential cryptanalysis independently of NSA, then that claim might be cited. But those guys only claim that they learned about it, not that they invented it. I say that, before reverting, you should document the claim from what the IBM guys said in some verifiable source. Roger 17:50, 17 August 2006 (UTC)[reply]
Steven Levy states in Crypto that IBM discovered DC independently of the US government (p. 56 in my edition). That qualifies as a reliable enough source, IMO, to use here, unless it's otherwise disputed in the literature? (Personal opinion: after reading Feistel's early papers on block cipher design, and his "tickling" of inputs, I can quite believe that IBM came up with it on their own. Moreover, I simply could not imagine the NSA teaching a powerful & general cryptanalysis technique to a civilian company). — Matt Crypto 21:33, 17 August 2006 (UTC)[reply]
No, Levy is not a reliable enough source. His source is Coppersmith, and I say that Levy misread him. Here is what Coppersmith wrote: [3]
The entire algorithm was published in the Federal Register [2], but the design considerations, which we present here, were not published at that time. The design took advantage of knowledge of certain cryptanalytic techniques, most prominently the technique of "differential cryptanalysis," which were not known in the published literature. After discussions with NSA, it was decided that disclosure of the design considerations would reveal the technique of differential cryptanalysis, a powerful technique that can be used against many ciphers. This in turn would weaken the competitive advantage the United States enjoyed over other countries in the field of cryptography. ...
Differential cryptanalysis was well known, however, to the IBM team that designed DES, as early as 1974. Knowledge of this technique, and the necessity to strengthen DES against attacks using it, played a large part in the design of the S-boxes and the permutation P. ...
The IBM team knew about differential cryptanalysis but did not publish any reference to it. That was because the tool can be a very powerful cryptanalytic tool, useful against many schemes, and there was concern that placing such information in the public domain could adversely affect national security.
Note that Coppersmith does not say that IBM discovered DC independently of the US government. Roger 00:59, 18 August 2006 (UTC)[reply]
Sort of a tough issue. While Coppersmith doesn't say IBM did discover DC independently in that quote, he also doesn't say IBM didn't. And I think it would go without saying that IBM shouldn't reveal to the public something they learned directly from the NSA, so that statement does seem to imply that IBM did discover DC. Mangojuicetalk 01:22, 18 August 2006 (UTC)[reply]
I take it that you mean that the statement seems to imply that IBM learned DC from NSA.
At any rate, this is not a tough issue. There is no need to speculate. Just say what we know for a fact. IBM claims to have learned about DC during DES development. We don't know for sure whether IBM learned it on its own, or whether it got help from NSA. IBM only gets credit for what it published. Roger 02:10, 18 August 2006 (UTC)[reply]
The issue of credit is a red herring, I think. Wikipedia doesn't assign credit, but we document what's understood to have taken place. There's no reason we should doubt that Levy is a reliable source. You seem to be saying that Levy based his statement on Coppersmith's paper, and read something that wasn't there. But why do you say that? I think that's your presumption: there's no mention of Coppersmith's paper at all in Levy's footnotes. On the contrary, the book is stated to be based on personal interviews, and the DES chapter, certainly, is sprinkled with quotes by the likes of Konheim and Tuchman. That IBM discovered DC in the 1970s is widely acknowledged, and unless there's been some doubt about it published in reliable sources, I think we should restore the original statement. — Matt Crypto 07:20, 18 August 2006 (UTC)[reply]
I say that Levy relied on Coppersmith's paper because Levy says so on pages 55 and 333 in my hardback edition. No other source is given. Yes, the paper is listed in Levy's endnotes.
Coppersmith was there; Levy was not. Coppersmith's article is a primary source; Levy's book is a secondary source. Coppersmith's story is accepted; Levy's is not. It is easy to understand how Levy could make a mistake like this; no one has explained why Coppersmith would fail to claim this credit for the IBM team while he was claiming credit for everything else. There is no excuse for repeating an error in Levy's book when the uncontested facts tell the story. Roger 07:46, 18 August 2006 (UTC)[reply]
Ah yes, it is in the notes (that'll teach me to try and read anything first thing in the morning), very sorry about that. But I'm still confused as to what "uncontested facts" you're referring to. Levy is consistent with Coppersmith, unless I'm missing something again. You seem to be reading between the lines in Coppersmith's paper and reasoning that, as he does not explicitly claim credit for IBM, then the NSA must have told IBM about it. That's unsound, I'm afraid. We cannot rely on your implicit inference when we have a published source to the contrary, particularly when it flies in the face of common sense (NSA would never simply volunteer a secret and powerful cryptanalysis attack to a civilian company, surely? The entire point of NIST soliciting for public submissions was that NSA didn't want to reveal their own design secrets). Schneier, for example, appears to believe IBM invented it independently[4]. Without a compelling reason to the contrary, we must go with the explicit source. — Matt Crypto 17:14, 18 August 2006 (UTC)[reply]
No, I am not saying that NSA must have told IBM, nor am I inferring anything like that. All I am saying is that the IBM team found out somehow, according to Coppersmith. Coppersmith doesn't say how in his article, and there is no need to speculate in Wikipedia.
As for your assumption that NSA would never volunteer a secret to a civilian company, you are just wrong about that. Schneier's statement that the NSA classified IBM's research is also incorrect.
The uncontested facts are that Coppersmith was on the IBM team; that he published an account of DES development in an IBM journal; that he claimed that IBM knew about the T attack in the 1970s; and that he made no claim that IBM discovered the attack independently of NSA. I don't know why you would want to perpetuate false rumors that are contradicted by the primary sources. Roger 18:34, 18 August 2006 (UTC)[reply]
Where are they contradicted by the primary sources? As far as I'm aware, that IBM discovered the attack independently of NSA is uncontested in reliable published sources. — Matt Crypto 20:28, 18 August 2006 (UTC)[reply]

<---- let's give up on the ':' counting business for a while

Aghkk! hadn't meant to set off a teapot tempest here. Sorry about that. I'll just note that WP does not insist on academic niceties of citation. Ideally, in some better world, it would be nice, but just not possible in this one, with the realities of WP operation. So, in this case, and on those grounds, I suggest that the citations made here (Levy, Coppersmith, Schneier) are sufficient justification for the inclusion of "IBM independently developed it" in this article.

Additionally, it should be noted that only the following sequence makes sense, given security regulations:

1) NSA invents diff crypt (or is told of it by, say, GCHQ or some such). It's kept secret for the obvious and significant reasons.
2) IBM invents it during its work on Lucifer / DES, which included -- all accounts recount -- some considerable (behind the official scenes) participation by NSA, providing 'assistance' with NBS' project.
3) it comes out that IBM knows this neat analytic technique.
4) consternation at NSA! Egad, someone else knows our neat trick! We've lost advantages over the Opposition! Not good.
5) attempt at damage control, by NSA. NSA to IBM: hey guys, keep quiet about this, 'cause it's an important national security issue. If we tell you anything more we'd have to shoot you, 'cause it's Secret. Possibly even an undercurrent of: you realize that the Federal government is a very large IBM customer, don't you?
6) IBM does keep quiet about it for years
7) Biham and Shamir publish. Cat's out of the bag.
8) Coppersmith clears up the odd fact of DES' S-boxes' very good resistance to diff crypt, so unlikely to have been accidental
9) Coppersmith not arrested or charged for violation of some regulation or another, after making his statement.

It is beyond any credible possibility that 2, 3, and 4 are replaced by NSA telling IBM folk about this national security related secrecy thing. And, if it happened, the prosecutor types and the security clearance removal types would have been involved somehow. It would have been, after all, a violation of law. None of that has come out, so ...

The case is adequately established for inclusion here. But, it probably deserves a footnote explaining exactly what Coppersmith said, and how it's been understood by informed observers. Possibly citing them as well? ww 21:56, 18 August 2006 (UTC)[reply]

You know, I'm leaning more and more towards Roger's opinion here: knowing what we know about the sources, I think it's implied that IBM re-invented DC, but it's not unambiguous, and it's really not such a critical point to this article. I think we should just say that IBM was aware of differential cryptanalysis but didn't publish it, at least in this article: the proper place to get into this in detail would be in the Data Encryption Standard article or the differential cryptanalysis article. Mangojuice talk 22:12, 18 August 2006 (UTC)[reply]
Perhaps we can deal with this in differential cryptanalysis rather than here, as you say, but wherever we do it, we must insist on representing only what sources we have available: those are primarily, as far as I understand it A) Coppersmith's article, which does not address the question of whether IBM discovered DC independently of the NSA either way, and B) Steven Levy's book, which explicitly states that they did. With regards to Wikipedia's verifiability policy, we can't do otherwise, even if we have personal doubts about it. Our job is to document the literature. If the literature is flawed, then you'd need to publish a corrective paper somewhere before it could be included here. (I agree with Ww's sequence above, but that's somewhat secondary to the issue of verifiability.) — Matt Crypto 22:28, 18 August 2006 (UTC)[reply]
Ww presents a theory about what might have happened, based on mistaken notions about how US security policies work. But it is just another goofy conspiracy theory that he cannot prove.
I changed the article back to what is known, and removed the speculative theory. Please don't change something correct to something that is speculative.
Our job is not to document secondary and flawed sources like Levy's book. Levy gives Coppersmith's article as his source. It looks like Levy distorted Coppersmith in order to support the thesis of his book. Levy makes lots of errors. No one is going to publish a correction to Levy's book because it is Coppersmith's article that tells the story. Roger 23:18, 18 August 2006 (UTC)[reply]
I thought you had an edit a while back that left the question open but didn't digress at length about the ambiguity. I was happy with that. I do think we should say more about it, but in one of the other articles. I do not have the impression that Levy's source for the T-attack story was Coppersmith's article. I think it came from interviews he did. I think I'll e-mail him and ask. Phr (talk) 07:48, 19 August 2006 (UTC)[reply]
I agree we should not use our own reasoning (I don't think language like "goofy conspiracy theory" is very helpful here, by the way). We should use reliable sources. Again, Coppersmith's article does not comment on this issue one way or the other (if you think it does, then direct quotes from the article would help). Levy did not use only Coppersmith's article as a source; he used interviews. Unless you can demonstrate an error in Levy's work by reference to reliable sources, then I'm afraid Levy is an acceptable source as far as Wikipedia is concerned, and your opinion cannot overrule that. — Matt Crypto 23:27, 18 August 2006 (UTC)[reply]
Concur w/ Matt. Here we have several folks who treat Levy's book as literature worth reflecting in WP and one who characterizes it as secondary, flawed, distorted, etc w/o citations thereof. You needn't agree w/ Levy's attitude toward the politics underlying crypto in the US of the period to concede his worth on bare facts. And to reject him on bare facts, it seems to me we need more than is available. Matt's right. Use it, expand on the issue in another article perhaps, but don't reject on the basis of the assertions here.
'Correct' (and truth) is not the point on WP. We are reporting, and if the sources reported are later disputed we can and should document that as well. Until then, we're not supposed to be doing our own research, ie, into Levy's biased agenda in distorting accounts in his work.
Put it back in, and footnote it. Expand on the issue in differential crypt or in DES, or both.
First time I've been accused of being a goofy conspiracy theory maven. Most people think me dreadfully mundane, save for an inexplicable interest in odd stuff like security and crypto. Rarely called 'mistaken' in those contexts, though leaky memory causes the odd contretemps now and then. It's in the nature of these things that one doesn't actually try to prove them, as I understand it. Much more fun that way. Thanks! Mark Lane, move over!! (preen, preen) ww 00:07, 19 August 2006 (UTC)[reply]
No, you don't even have a majority of people who have commented here. You have two people (Matt and Ww) who think that a general article on Cryptography should credit IBM with something that IBM doesn't even claim credit for itself, and two others (MangoJuice and myself) who want to stick to facts from primary sources.
I don't even know why a WP Cryptography article needs to get involved in an obscure issue of who deserves credit for a particular technical advance. Roger 00:53, 19 August 2006 (UTC)[reply]
Well, your last sentence is a different question (which we can discuss, of course) but your argument prior to this point has been that we should remove the IBM attribution either because it's untrue, or because Levy is wrong, or because Coppersmith contradicts it. I don't wish to be aggressive, but I really don't think you've demonstrated any of that. Primary sources are fine, but there's nothing wrong with using secondary sources. — Matt Crypto 01:12, 19 August 2006 (UTC)[reply]
Yes, my main motivation was just to remove a false statement. No, I don't think that it is so important for WP to try to give credit. If this point is really so important, then the only resolution is to write that the primary sources say one thing, and the secondary sources say something else. Roger 02:23, 19 August 2006 (UTC)[reply]
I just edited it to include both what Levy says and what Coppersmith says. Roger 01:10, 19 August 2006 (UTC)[reply]
What we have now is poorly written. Not due to this edit, but to the inclusion of the waffling. Should be in a footnote, not in the text.
On the question of IBM claiming this or that, you can't tell from Coppersmith's article. It's explicitly his views, not IBM's. He says the team knew of diff crypt (they called it the T method) by 1974 which sounds to me before the NBS interaction began, and implies independent development. It is correct that he never says that the IBM folk invented it, nor that NSA asked for silence. But I would note that IBM's usual practice in re crypto has been to apply for a patent and that they did not do so at the time. Though this is intertwined with the policy against patents on algorithms which remained in force for a while yet. Nevertheless, I do not see that it's possible to take from Coppersmith's article that IBM did not independently invent it. Coppersmith simply contributes nothing definite on that point. Inference from his lack of statement is required, and we're not allowed to include that stuff in WP. The best source may be Levy, but I seem to recall Schneier on this as well. I say we leave it at independent invention, with a footnote noting the source of the info. And, if desired, a note suggesting that Levy on this point is thought unreliable by some. Why, exactly?
Current state unsatisfactory for writing and content reasons. ww 04:49, 19 August 2006 (UTC)[reply]
Coppersmith's article was published in an IBM journal, and can be interpreted as an attempt by him and IBM to claim credit for the design of NSA and to defend the design. If they wanted credit for inventing differential cryptoanalysis, then I would expect him to have claimed the credit in the article. He did not.
The waffling is a result of you pushing a disputed point. I don't really think that the point is so important, but if you are going to present one particular view as a fact, and I believe that it is wrong, then both views should be there. Roger 05:17, 19 August 2006 (UTC)[reply]
Disputed by who? Yourself, obviously, and...? I agree with Ww that this isn't a good solution. If before it was venturing into an obscure aside, now it's doubly so. We have a fact, and a reliable source to back it up (Levy). What is the purpose, then, of adding another sentence that says, essentially, "P.S. there is another source (Coppersmith) that neither supports nor contradicts this fact"...? It's redundant, and there's no justification at the present time for us to cast doubts on Levy ("popular author says, but IBM doesn't mention it") without some compelling evidence that what he wrote was incorrect. Roger, you might be convinced that Levy is incorrect, but we can't just accept it on your say-so. Even if we assume that you're correct, to modify the article in this way is pretty close to original research. Wikipedia is a tertiary source, and if the literature contains errors, then it needs to be fixed "upstream" first. — Matt Crypto 05:45, 19 August 2006 (UTC)[reply]

I think Levy's main source for his DES stuff is interviews with Tuchman. I'm in support of explaining the unclarity in the DC article. I think it's too hairsplitting a detail to dwell on in this overview article. Anyone going to Crypto next week? It might be possible to ask those guys what happened. Phr (talk) 05:41, 19 August 2006 (UTC)[reply]

Agreed. I think we can do without the parenthesis here, and deal with this in differential cryptanalysis. By the way, there's an interesting set of slides by Eli Biham on the early days of public domain DC from FSE 2006: here. — Matt Crypto 05:51, 19 August 2006 (UTC)[reply]
Agree w/ Matt and Phr. A middle way of a sort. ww 07:32, 19 August 2006 (UTC)[reply]
I've emailed Levy asking where he got the story. I suppose that means I've committed OR. But it can give us some guidance. Phr (talk) 08:07, 19 August 2006 (UTC)[reply]
I agree that a general Cryptography article does not need to get into an obscure issue of assigning credit like this. But if the article says anything, then it should be something that is verifiably correct. That is why I favored just saying that IBM knew about DC, without explaining how IBM got that knowledge. Roger 08:24, 19 August 2006 (UTC)[reply]
Yes, I'm fine with that, given our current state of knowledge. If Levy writes back to me and says he got the story from Tuchman (or somewhere else that sounds reasonable), then I think we should restore the old wording (crediting IBM per Levy's book), since we don't have anything contradicting it. There's also that Senate hearing, has anyone bothered to look at the transcript? Phr (talk) 09:39, 19 August 2006 (UTC)[reply]

I heard back from Levy; he stands by the story in the book. He says it was informed by people with first-hand knowledge of what happened, as well as documents. Roger, you mentioned a while back that your doubt came from Coppersmith's Crypto 2000 lecture. If you go to Crypto next week, maybe you could ask the organizers if a tape is available. That's the only way we can get to the bottom of this. Otherwise I think we should go with what Levy's book says. Phr (talk) 07:55, 20 August 2006 (UTC)[reply]