Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!nbires!vianet!devine
From: devine@vianet.UUCP (Bob Devine)
Newsgroups: sci.crypt
Subject: Re: Algorithms and ease of decryption
Message-ID: <196@vianet.UUCP>
Date: Sat, 4-Jul-87 18:39:54 EDT
Article-I.D.: vianet.196
Posted: Sat Jul  4 18:39:54 1987
Date-Received: Sun, 5-Jul-87 02:58:45 EDT
References: <1724@encore.UUCP>
Organization: Western Digital, Boulder Tech Ctr
Lines: 33


> but it does allow for very large keys [...]

  Large key space does not in itself provide security.  It is how the
key is used not its absolute size that matters.  Large numbers, by
themselves, do add the problem of being more unwieldy; but this is
probably a small concern.

> Specfically, how much
> harder is it to decrypt something if you don't know what algorithm was used?
> I don't have a very strong mathematical background, so please keep your
> answer/proof simple.  An answer like "n orders of magnitude" and some simple
> reasons will do.

  I don't think there exists any ratio that can be universely applied.
Decryption is too much an art to quantify.  For certain, any information
about the "purloined letter" -- its contents, the expected algorithm used,
possible subject area, source and destination, past messages -- will aid
in reading it.  But to try to put a number on it, well ... I can't.

  Many times a crytanalysis has succeeded without the breaker knowing the
algorithm.  Kahn's books has many such stories.  His "Codebreakers" book
opens with the telling of how the Japanese Purple code was broken by the US.
[Kahn's book (a tome is more accurate) is a great starting place for a
history of how secrets have been protected.]

  Historically, the only ciphers and codes were those that had both the
algorithm and key (and codebook if used) secret.  Within the last decade
advances in cryptology have come from mathematical number theory where
the algorithm is openly published.  In fact, RSA's only protection is under
business law.

Bob Devine