Why is password creation so hard? (Part 3)
by Josephine Rosenburgh
If you're trying to create a 256-bit encryption algorithm you need to ensure that there is
absolutely no chance of anyone ever cracking it, not just a small chance or a very small
chance. No chance. You cannot afford to make a single mistake anywhere in the design
which is why you need it at the correct efficiency.
Do you want the world's top cryptographers to run out of ideas in the middle of a 256-bit
encryption algorithm? They're expecting you to use their algorithms. Therefore, you have
every right to question them.
The great problem is an algorithm which is too inefficiently slow or too inefficiently fast. It is
no good being nearly good enough. I do not think it is safe to run out of ideas when
you're in the middle of creating a 256-bit encryption algorithm. That's 10^77 permutations,
which you're trying to protect.
(And one day there will be that computer that will be powerful enough to crack Eternity 2.
Even if you cannot program it there are plenty of mathematicians at Cambridge University, or
any other university, who can.)
I think the world owes a big amount of gratitude to the Twofish people. They were the only
team who correctly assessed how efficient an algorithm is supposed to be, given that there
are no clues in the universe. They correctly realized they would have to create those clues
literally out of thin air, which is just what I did. You create, request, the clues yourself rather
than expect the universe to do it all for you.
The Twofish team mentioned that it is easy to create an algorithm which is secure but totally
ignores the amount of time taken. It is also easy to create an algorithm which is very quick
but isn't secure at all. The hard part is getting both of them together.
The Twofish team did try to crack Rijndael (which is set at 14 rounds of encryption). They
knew what it lacked but still could not crack it in the time they had. Others have attempted
too without success but that doesn't mean anything. No one can predict if or when it will
successfully occur.
I will say that an algorithm can only be secure if every one of the 2^256 combinations is fully
protected. What if 999 of those are exposed? Those 999 are always hidden to the
cryptographer(s) that created it. Its creators may not see them but someone else easily
could.
With 2^256 combinations every single one is being tested all the time, not just part of the
time but all of the time. A competent algorithm creator can see all of them and they should all
flow beautifully exactly as the inventor intended. (I will take the word "cryptographer" as
meaning someone who studies algorithms whereas an algorithm creator is someone who
creates them.)
Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide