Page 38 - index
P. 38
When I formed my infinite algorithm and my password encryption algorithm I was constantly
doing calculations. I had to know exactly how efficient something was.
For Rijndael to reach Twofish's level of security the Twofish team calculated that 24 rounds
would be needed, which makes it less efficient than Twofish.
When you pick an algorithm do you choose one from someone who is in the top 10 of the
world's best or someone only in the top 20 to 30? Certain people did take Twofish to be the
correct algorithm.
The Twofish team still felt uneasy about Rijndael (set at 14 rounds) and recommended 18
rounds to increase its level of security. This advice was ignored.
If you don't know how efficient an algorithm is supposed to be then you will not know how
efficient your algorithm is and, therefore, you will not know how secure it is. You will think it's
more secure than what it actually is. As a result your algorithm could have too few
calculations and, BANGGGGGg, your algorithm could be blown wide open and you wouldn't
even know it. If, however, there had been too many calculations then that would just be by
pure, pure, pure luck.
Fourteen teams failed, one succeeded.
If you're programming a computer to perform a super, super, super, super complex algorithm
then you really, really need to make sure that you know exactly what is going on at all times.
You cannot afford any mistakes.
Here's how it works: the better the algorithm creator the better they will be at understanding
where they went wrong and, obviously, the worse the algorithm creator the worse they will
be at understanding where they went wrong. I constantly recognised where I went wrong
and I'm sure the Twofish team will have done the same. The best algorithm creators will
make mistakes but will correct them very quickly so that they make the correct progress. It
won't happen as often for other algorithm creators and that's exactly what you will have seen
in the AES contest.
If you're staring a giant 256-bit encryption algorithm in the face how many of those
permutations would you expect to be protected? 2^254? 2^248 perhaps? Or maybe maybe
maybe 2^230?
Which of the 15 algorithms would you have picked? The one with the most technical-
sounding name perhaps? Have you ever heard of the Teknotranic 256-bit encryption
algorithm before? Or maybe you could opt for the Compucell-Ramdac?
It could have been that all 15 teams failed to produce a correct 256-bit encryption algorithm,
in which case we would never have known.
That is as much as I can say on the subject (since I don't specialize in those types of
algorithms).
38 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
