Page 40 - index
P. 40
I also want to say something to computer programmers who incorporate encryption
algorithms within their software. I know exactly what you were thinking: "I'll just use whatever
algorithm NIST chose. They must know more than me. They're the experts."
Obviously, you have absolutely no idea about the creation of advanced encryption systems.
It is clear to everyone that you didn't even bother reading any of the reports about the
algorithms or you did but you still couldn't understand anything written in them.
Have you ever thought about joining NIST?
Perhaps you could make a change to your choice of algorithm and kindly offer your clients a
free upgrade to the new version of your software? Who knows what someone will be able to
do in 20 or 50 years' time?
"What about software which creates, encrypts and saves all your passwords?"
Do you need a password to use such software? Why should you know how to create all of
your own passwords? Some word processors encrypt your files but only if you provide a
password. Trying is get away from using passwords is impossible. Encryption always
involves passwords somewhere. And what if someone loses their laptop or tablet?
What is such software doing? It is treating passwords like known data (which it is not) and
encrypting it.
Will the people who create such software provide a password encryption system for
everyone to use? Are they going to show the world's best cryptographers and
mathematicians how to encrypt all their passwords? Whilst they're programming their
computers are they using the very algorithms that were seen submitted for AES? Surely, the
people who submitted AES algorithms are all perfectly capable of programming their own
computers with their own algorithms to encrypt all of their own passwords?
We all know that computers are far faster than people at performing numerical calculations. I
have now highlighted Twofish as being the most efficient of all the algorithms. Can you
guess what I'm going to ask next?
How does Twofish compare with my infinite encryption algorithm?
Which is more efficient? That's what the average football supporter is asking.
My efficient infinite algorithm is going to have to be more efficient for an average human to
use than Twofish is for a computer to use. Did I do everything absolutely correctly?
Twofish has 2^256 permutations. Mine has infinitely many. Which is more efficient?
And guess what? My password encryption algorithm is going to have to be more efficient
than my infinite encryption algorithm. That's how difficult it is to do.
What does this mean? My password encryption algorithm is going to have to be the most
efficient encryption algorithm in the world as it will have to comfortably protect all of your
passwords.
40 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
