Talk:Cipher security summary

From Wikipedia, the free encyclopedia
WikiProject Cryptography / Computer science (Rated List-class, Low-importance)
This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as List-Class on the quality scale.
This article has been rated as Low-importance on the importance scale.
This article is supported by WikiProject Computer science (marked as Low-importance).

"Outdated" tag

@Dannyniu: You added the "outdated" tag to the article; please explain what exactly is outdated. I haven't heard of any significant cryptanalysis breakthroughs recently. Just slapping tags without any indication about what needs improving doesn't help. -- intgr [talk] 07:23, 7 October 2014 (UTC)

Sorry, I can't point out any. But I still feel that the article doesn't quite point out that there're unknown attacks and is not very factually rigorous and strict. And the intro is a bit too short. Dannyniu (talk) 11:49, 7 October 2014 (UTC)
@Dannyniu: Uh, what? The lead explicitly said that only publicly known attacks are listed, even before your edit. You say the article is "outdated" because it doesn't cover material that cannot possibly be known by the public? Have you seen WP:V and WP:CRYSTAL?
What's not "factually rigorous and strict"? We have sources for every single listed attack, you can go and verify. Please point out actual problems instead of hand-waving. -- intgr [talk] 15:24, 7 October 2014 (UTC)
Also see WP:TMC about the usage of such tags, in particular "Avoid "drive-by" tagging: tags should be accompanied by a comment on the article's talk page explaining the problem and beginning a discussion on how to fix it, or, for simpler problems, a remark using the reason parameter as shown below" -- intgr [talk] 15:51, 7 October 2014 (UTC)

@Dannyniu: Sorry if my tone above was too confrontational. Don't get me wrong, if you have any suspicion that the methodology or interpretation of sources is wrong, I would like to hear it. Most of this article has been written by only myself with no feedback from anyone, so it's quite possible I'm misunderstanding something. Just be more specific than "not very factually rigorous and strict".

As for the intro being too short, what would you like to see there? The point of this article is to provide an overview about the state of cryptanalysis against ciphers, I think it doesn't need long prose sections.

What really would be useful is a separate article explaining how the strength of symmetric algorithms is determined — explaining concepts like "security claim", when a primitive is considered "broken", how cryptanalysts "tune" the number of rounds and time complexity for unsuccessful attacks, etc. Then that can be linked from here and Hash function security. But I think that's out of scope for this article and it seems difficult to find sources on that topic, that's why I haven't attempted it. -- intgr [talk] 17:40, 23 October 2014 (UTC)

Generalize to all symmetric ciphers

Unless someone objects, I'm planning to move this article to "Cipher security summary", so the common RC4 stream cipher can be covered as well. I think it's not worth creating a separate "stream cipher security summary" article because there are so few relevant stream ciphers (RC4, Salsa20 and ChaCha are pretty much all I believe?).

Alternative name would be "Symmetric cipher security summary", but I think "symmetric" is redundant because asymmetric algorithms are usually not called "ciphers" anyway. -- intgr [talk] 10:47, 20 October 2014 (UTC)

@Rtc: You were the one who initially renamed this article to state "block cipher". Would you agree with what I said above? -- intgr [talk] 12:22, 21 October 2014 (UTC)
@Intgr: Well, there are quite a number of stream ciphers. It is right that few are really relevant for practical application, but the same is true for about any cryptographic method. On the other hand, the best way to learn about cryptanalysis is to study less common ciphers and their weaknesses. So there is clearly academic relevance. Thus I'd like to have less common ciphers in the summary as well. If you want to do a merge, it seems more reasonable to do one big "security summary of cryptographic methods", which then includes hashes, asymmetric algorithms, etc. BTW, asymmetric cipher seems to be used in the literature. --rtc (talk) 09:57, 26 October 2014 (UTC)
@Rtc: If that comparison were to be merged into here, then I would agree with you, it would make sense to split stream and block cipher summaries into separate articles. But as it stands now, RC4 is the only stream cipher listed here and splitting it into a "stream cipher security summary" article just by itself would be silly.
Speaking of "less common ciphers", that's one of my pet peeves: for some reason people seem to think that cryptographic primitives are exempt from Wikipedia's notability guidelines. I don't think they belong on Wikipedia, most probably couldn't cite even one secondary reliable source. But I'm not going to be that "bad man" proposing them for deletion.
As for merging everything together into a "security summary of cryptographic methods", I strongly disagree. There's a lot more common between block ciphers and stream ciphers than other kinds of primitives. I think the Hash function security summary article is fine by itself.
(PS: If you do IRC at all we could have a chat some time, I usually hang around in Freenode ##crypto) -- intgr [talk] 11:37, 26 October 2014 (UTC)
I agree that only notable ciphers should be included, but it should be kept in mind that notability is not the same as practical relevance. Academic relevance counts as well, i.e., if some papers discuss a cipher for academic reasons (such as an attack on that cipher) I think it should be included. IMO, hash algorithms and block ciphers have more in common than any of those and stream ciphers, especially their round-based structure. Hash algorithms sometimes even contain a block cipher as the major building block. Putting RC4 on the same page as the block ciphers just because it is (or used to be) the one most popular stream cipher seems a little bit ad hoc to me. --rtc (talk) 12:35, 26 October 2014 (UTC)
Agreed about notability. What you say about "academic relevance" boils down to WP:GNG's requirement for secondary sources. Just note that "multiple sources are generally expected".
As for stream vs block ciphers, they may be different in structure, but their threat models are the same — which is the point of this article. "Key recovery attacks" apply the same way to both stream and block ciphers, but not preimage attacks or collision attacks. How would you imagine a merge of "block cipher security summary" and "hash function security summary"?
Also, there are stream ciphers with a round structure (Salsa20) and hash functions without (PANAMA, RadioGatún) so I'm not sure that's a useful distinction. -- intgr [talk] 14:01, 26 October 2014 (UTC)