[pycrypto] Why I would be glad to find a plenty of algorithms in pycrypto

Dwayne C. Litzenberger dlitz at dlitz.net
Sun Nov 9 17:13:38 CST 2008


On Sun, Nov 09, 2008 at 05:01:15PM -0430, Stefan Spoettl wrote:
>ARC4 is fast.
>ARC4 is easy to implement.
>ARC4 is beautiful (my personal Mona Lisa of cryptography)

On the topic of "beautiful", you should read this, by Sean O'Neil:

     Most cryptographers are either mathematicians or come from a very
     strong mathematical background [including myself] and we love
     beautiful mathematical structures.  We like magic squares, we like
     fancy patterns, we like cool mathematical properties such as
     guaranteed long periods, etc. etc. etc.  It is extremely hard to
     resist the temptation to include an unnecessarily complex but
     mathematically pretty component in your design that other
     mathematicians might admire.  We do tend to forget that the beautiful
     mathematics of it tend to be responsible for the algebraic structures
     that may turn out to be exploitable to mount successful attacks.  We
     get attached to our cute little babies and to their beautiful
     mathematical complexity.

     The truth: The cipher's job is to destroy mathematics as quickly as
     possible.

     -- http://www.enrupt.com/index.php/2008/09/05/strength_in_complexity

>Some years ago this "arguments" appeared to me as "sufficient" to bank on 
>it during a development of a secure protocol, which is intending to beat 
>the SSL performance (in a concluded VPN).

What is a "concluded VPN"?  A search on Google returns nothing useful.

>As you know some "uncultured and barefaced" cryptoanalysts have painted a 
>fat nipple directly is the face of my Mona Lisa. It could be adopted that 
>this people will terminate to do their sacrileges. Futheron this is not 
>desirable.
>
>But what should one do if a development depends on an algorithm. The only 
>way around this edge is to bank on a library that offers equivalent 
>compensation.

"Fat nipple"?  "Sacrilege"?  "Equivalent compensation"?  What is this, a 
religious strip show with a bit of Judge Judy mixed in?

Enough with the vague rhetoric.  Please make your arguments directly, 
clearly, and in English, or don't make them at all.  Although I speak 
English as a native language, others on this list don't, and if I can't 
understand you, they surely won't.

Also, please address my responses to your last email, especially my point 
about keeping the amount of hand-written C code to a minimum.

Furthermore, please actually use the "Reply" function of your mailer (the 
In-Reply-To header should be set correctly).  By breaking up the threads, 
you are making this conversation harder to follow in the mailing list 
archives.

>By the way: In my point of view a block cipher that is running in CFB, OFB 
>or CTR mode could never be an equivalent compensation for a stream cipher 
>(if you want speed).

Quoting D. J. Bernstein's paper, which I expect you have read by now:

     I don't like waiting for my computer.  I really don't like waiting for
     someone else's computer.  A large part of my research is devoted to
     improving system performance at various levels.  (For example, my paper
     [6] is titled "Curve25519: new Diffie-Hellman speed records.")  But I
     find security much more important than speed.  We need invulnerable
     software systems, and we need them today, even if they are ten times
     slower than our current systems.  Tomorrow we can start working on
     making them faster.

     ...

     "To this very day, idiot software managers measure 'programmer
     productivity' in terms of 'lines of code produced,' whereas the notion
     of 'lines of code spent' is much more appropriate."
     —Dijkstra in [9, page EWD962–4]

If speed is more important to you than security, then I suggest you write 
all your code in C, and use one of the many widely-available C crypto 
libraries.  I've heard Crypto++ is quite good, and several people have 
already mentioned pycryptopp.

My resources are extremely limited, and I choose to devote them toward 
security, not speed.

>Dwayne's statement that stream ciphers are still in an "experimental" 
>state sounds in my (european) ears like a simple misapprehension.

Believe it.  All of the six stream ciphers submitted to NESSIE (2000-2003) 
were broken[1], the recently-published cube attack decimated LFSR-based 
stream ciphers, and I'm sure somebody else can comment on the status of 
eSTREAM, but from [2] it looks like the submissions required a lot of 
last-minute changes in order to avoid newly-discovered attacks.

[1] https://www.cosic.esat.kuleuven.be/nessie/deliverables/decision-final.pdf
[2] http://cr.yp.to/streamciphers/broken-20080330.pdf

>For some reasons the Europeans are never leaving the "experimental" state 
>of exactly nothing. Well, that's a part of our weakness but even a part of 
>our power.

I don't care where you're from unless you're submitting code: 
http://www.pycrypto.org/submission-requirements/

-- 
Dwayne C. Litzenberger <dlitz at dlitz.net>
  Key-signing key   - 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
  Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9  179F 1C11 B877 E780 4B45
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.dlitz.net/pipermail/pycrypto/attachments/20081109/2bc25454/attachment.pgp 


More information about the pycrypto mailing list