Page 39 - index
P. 39
So there must be connections between standard cryptographers (algorithm creators) and
specialist cryptographers (algorithm creators) and either one could succeed or fail.
NIST can pick whatever algorithms they want. That's their choice. I'm not here to change
their mind. I just compared algorithm efficiencies so that others will learn something from it.
The algorithms are all available for everyone to use. You pick whatever one you think is best
for you. Besides, we can all have our own opinions about the five that made it to stage 2.
When NIST set up the challenge they asked for an algorithm that no five people on the
planet were capable of meeting. They assumed it was going to be very easy.
What is encryption? What actually is it? I will use an analogy. Imagine you have been buried
in the desert. You have a limited amount of time to escape. To escape you have to guess
the number of sand particles in the desert. The total number is not random but is derived
from an algorithm. You have to guess, exactly, what the algorithm is before your time runs
out. The algorithm is a very, very efficient one. It is unbelievably efficient.
And you're wondering why 14 teams failed?
When an encryption algorithm is introduced it is always being tested, every day. It is tested
by nature, the universe, which is why it has to be perfectly secure and correctly efficient.
If the algorithm isn't correctly efficient and there aren't enough steps then it's just a numbers
game as to when it will break. Does it matter whether it is 23, 33, 43 or 53 years' time? What
if a dam has a very slight crack? The water is testing the dam every day. How can you say
when it will break? It doesn't matter when. The water appears not to be moving but it can
only be that way if the dam was perfect in the first place. You have to be solving all of the
problems at a faster rate than nature is putting them there. Once the dam has been built
then it is too late to do anything about it.
Only the best algorithm creators will know exactly where the correct efficiency levels are.
There are cryptographers who spend all day testing the weaknesses of algorithms.
Why is it so hard to create an encryption algorithm? Because it is so deceptive and no one
knows what such a thing would ever be. You are being asked to create something when you
don't even know what the end result is supposed to be. It is constantly like that throughout
the whole process and yet you are always lead to thinking the opposite. It is virtually
impossible for an algorithm creator to know when they have reached the final formula
successfully. What in the universe will tell that algorithm creator when they have got there?
There is literally nothing. It is the worse jigsaw puzzle in the universe and no one even
knows of its existence.
The people who created Twofish wouldn't be able to answer the question and I'm sure that
none of them would ever say that encryption is easy. Can you guess what other encryption
algorithms I have yet to create? I can't even do that. I would never say it was easy.
And now you know why password creation (and password encryption) is so so so hard.
39 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
