X-Original-To: cryptography@metzdowd.com
Date: Sun, 04 May 2003 11:25:27 -0400
From: Ian Grigg <iang@systemics.com>
Reply-To: iang@systemics.com
To: Ralf Senderek <ralf@senderek.de>
Cc: tom st denis <tomstdenis@yahoo.com>, cryptography@metzdowd.com

Ralf Senderek wrote:

> If there was a hash based on ModExp() with a long tradition of
> scrutiny like RSA for twenty years I surely would have taken it.

OK!

> I am not keen on inventing new things, but I don't accept that we
> leave the user alone with the complexity problem in a fatal dependence
> on code he has not even the chance to understand. And I don't mean
> sha1 in particular but the whole cryptosystem.

Right! I concur with this frustration. But, it is real life; next time
you go over a bridge, pause for a moment and wonder whether it is going
to fall down. Well, of course it isn't, because it was built not to ...
by engineers who assumed the responsibility of handling the complexity.

If you are not convinced, try this: stand on the bridge in a 120km wind
whistling down the canyon, and decide how many 60 tonne trucks are
allowed over... Bridges have limits, and it really takes a specialist -
an engineer - to understand the limits.

In crypto, we call people who understand the limits of the algorithms
'cryptographers'. Then there are the software engineers, who read what
the cryptographers write, and then apply it in software. I call those
latter 'cryptoplumbers'. These guys know what a protocol means,
understand what is a real attack and what is a theoretical attack, and
put their names on the line for users' safety.

There's a really big gulf between them. Great cryptoplumbers are not
great cryptographers, and the reverse is as generally true. One can
count on one hand the number of people who can claim to seriously
contribute in both fields. And, the best contributions came from people
who knew their limits and didn't invent things outside those limits.
Failed cryptosystems generally have the characteristic that the guys
who designed them went across that border too blithely.

I really do feel the frustration; there are many among us that have
been working to get more crypto to more users. But, assuming away the
complexity is not the answer. And, unless you are going to spend the
next 10 years in academia attacking the last 200 years of algorithms,
inventing your own algorithm is not the answer either.

> Does the list know of any hash based on Modexp with a better reputation
> than mine, I'd be happy to know.

I suspect the answer to that is that Modexp doesn't have the
characteristics to make a good hash.

--
iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com