Cryptography

Cryptography is is the practice and study of hiding information. In modern times cryptography is considered a branch of both mathematics and computer science and is affiliated closely with information theory, computer security and engineering.

Quotes

 * This method, seemingly very clever, actually played into our hands! And so it often happens that an apparently ingenious idea is in fact a weakness which the scientific cryptographer seizes on for his solution.
 * Herbert Yardley, in The American Black Chamber


 * Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break.
 * David Kahn, in "The Codebreakers"


 * The multiple human needs and desires that demand privacy among two or more people in the midst of social life must inevitably lead to cryptology wherever men thrive and wherever they write.
 * David Kahn, The Codebreakers


 * "The magic words are squeamish ossifrage"
 * Plaintext of the message encoded in RSA-129, given in Martin Gardner's 1977 "Mathematical Games" column about RSA.


 * Feistel and Coppersmith rule. Sixteen rounds and one hell of an avalanche.
 * Quoted by Stephan Eisvogel in de.comp.security


 * For the computer security community, the moral is obvious: if you are designing a system whose functions include providing evidence, it had better be able to withstand hostile review.
 * Ross Anderson in Vol. 18 Issue 25 of the RISKS Digest.


 * When a cryptanalyst starts out trying to analyze a new algorithm, his first thought is probably: "Yikes. What a mess. I'll never make sense of this". So there are all sorts of tricks to help you start to probe into the convoluted innards of the cipher. One of these is to attack a weakened version. Later, he may be able to extend the attack to the full strength version; or, if this cannot be done, the reason why it can't at least gives some insight into the strengths and weaknesses of the cipher.
 * There is also a side benefit: the difference in strength made by even really subtle changes warns us just how tricky crypto can be...
 * R. Fleming in message <-0703971850220001@mg4-48.its.utas.edu.au> of sci.crypt


 * Due to the suspicious nature of crypto users I have a feeling DES will be with us forever, we will just keep adding keys and cycles...
 * Colin Dooley, in message <34C5021A.ABD@medit3d.com> of sci.crypt


 * The NSA response was, "Well, that was interesting, but there aren't any ciphers like that."
 * Gustavus J. Simmons, "The History of Subliminal Channels", in IEEE Journal on Selected Areas in Communication, pages 452-462, v. 16, n. 4, 1998.


 * The real work in an attack, at least an attack against a well-designed cipher, is modifying the attack technique so that it works. Knudsen's papers are an excellent example of this; he is a master at making an attack work where others have failed. Differentials work where characteristics don't. Truncated differentials work where normal differentials don't. Even this year's exciting find, impossible differentials, are simply another way at looking at a differential attack. A cryptanalyst with a "menu" would have never found any of those attacks, and would have broken far fewer ciphers.
 * , in message <35f52432.869733@news.visi.com> of sci.crypt.


 * The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
 * The first edition of The Road Ahead,, page 265.


 * The point of academic attacks is not exhibiting practical breaks; the point is that only a trained cryptographer can tell whether a given algorithm is secure or not. The author of an algorithm says: "My cipher is secure, and trust me, I am an expert at this. And to prove that I am a real good expert, I challenge other experts to find even the most impractical, academic flaw in my cipher".
 * Just like glue. Commercial ads state that the foobar glue can stick an elephant to the ceiling. Who needs to stick an elephant to the ceiling? But if it can do that, people will trust its sticking strength.
 * Thomas Pornin, in message <8rf05j$2np9$1@nef.ens.fr> of sci.crypt


 * We didn't do this with just a pencil and some paper. Lots of our notes are in pen. We didn't need to erase much.
 * Tim Hollebeek and John Viega, on breaking defective crypto in Netscape's mail password saver; quoted in RISKS Digest Vol. 20 Issue 68.


 * If you think cryptography is the answer to your problem, then you don't know what your problem is.
 * Peter G. Neumann, quoted in the New York Times, February 20 2001.