Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!nbires!vianet!devine From: devine@vianet.UUCP (Bob Devine) Newsgroups: sci.crypt Subject: Re: Algorithms and ease of decryption Message-ID: <196@vianet.UUCP> Date: Sat, 4-Jul-87 18:39:54 EDT Article-I.D.: vianet.196 Posted: Sat Jul 4 18:39:54 1987 Date-Received: Sun, 5-Jul-87 02:58:45 EDT References: <1724@encore.UUCP> Organization: Western Digital, Boulder Tech Ctr Lines: 33 > but it does allow for very large keys [...] Large key space does not in itself provide security. It is how the key is used not its absolute size that matters. Large numbers, by themselves, do add the problem of being more unwieldy; but this is probably a small concern. > Specfically, how much > harder is it to decrypt something if you don't know what algorithm was used? > I don't have a very strong mathematical background, so please keep your > answer/proof simple. An answer like "n orders of magnitude" and some simple > reasons will do. I don't think there exists any ratio that can be universely applied. Decryption is too much an art to quantify. For certain, any information about the "purloined letter" -- its contents, the expected algorithm used, possible subject area, source and destination, past messages -- will aid in reading it. But to try to put a number on it, well ... I can't. Many times a crytanalysis has succeeded without the breaker knowing the algorithm. Kahn's books has many such stories. His "Codebreakers" book opens with the telling of how the Japanese Purple code was broken by the US. [Kahn's book (a tome is more accurate) is a great starting place for a history of how secrets have been protected.] Historically, the only ciphers and codes were those that had both the algorithm and key (and codebook if used) secret. Within the last decade advances in cryptology have come from mathematical number theory where the algorithm is openly published. In fact, RSA's only protection is under business law. Bob Devine