# Talk:Cryptography

I rather like the term *Cypherspace* for the encryption world. See also the terms "Cypherpunk" and "Cryptorebel" -- rack

Perhaps have a master page listing all the typs of encryption. Something like Encryption Types. That way Encryption can discuss the topic more cleanly without being cluttered with too many notes on specific types. -- rack

Link this to key-escrow discussions, where a government wants a master key to encryption formats. -- rack

Freedom and cryptography somehow have to get linked. Take for example the Dmitry Sklyarov cryptanalysis troubles. -- rack

I think Sklyarov probably falls more into the DMCA over-copyrighting camp since Adobe just used a crappy DRM encryption scheme. But I know what you're getting at about freedom and I agree; I would venture that a better account would be nations with human rights violations and free speech restrictions using encryption to avoid prosecution as criminals. - webfork

>> "... the ability to factor multiple prime numbers ..." > I think not. Think about it for a minute, and then correct it.

---

Done. - webfork

The legal and fair-use aspects of breaking encrytion could possibly be fleshed out. This topic is coming along nicely. Finally, thanks to this wiki I can understand Cryptography better.- ABliss

Great, thanks... I'll keep going. :) webfork

Need to find some place for this: http://www.healthyemail.org/ which encourages a commercial encryption tool for a legitimate healthcare privacy requirement. Need to figure out this requirement and use it as an encouragement for people to use encryption to be in medical profession compliance. -- webfork

- how about Encrypting Your Mail? -- rack

The discussion of the DMCA in this topic may lead one to believe that the DMCA outlaws the circumvetion of any encryption, whereas I understand it only outlaws circumvention in certain circumstances (such as gaining access to copyrighted materials). -- Permission Denied

I'm tempted to add a qualifier to the ranking of elliptic curve crypto systems as "weak". They have had significantly less cryptanalysis done against them, but there has been a lot, and it has all been positive.

All things considered, elliptic curve crypto can provide the same security as other public key methods with significantly smaller keys. I would say this makes it "stronger" in some respects.

Can the elliptic curve entry be qualified a bit? -- purefiction/coderman

- Elliptical curve cryptography is still a fairly new system that is currently being used in cell phones because of its speed. It is not based on long-tested algorithms, such as Square, IDEA, and Blowfish. Even newer algorithms such as AES and Twofish are stronger versions of earlier algorithms. Trust in security takes a long time to get and its been my impression that, because elliptical encryption is fast and can work in embedded devices, it has been rushed into use. Webfork

If the "stronger versions of earlier algorithms" argument is going to be made for AES/Twofish, then I will apply it here to elliptic curve crypto. ECC relies on the difficulty of the discrete logarithm problem, just as RSA, ElGamal and others. This is long standing and well understood in the use of public key crypto.

The fact that it enjoys popular use in mobile phones is not an indication that is being "rushed into use", but rather that it offers a significant advantage here where the mathematics involved use smaller keys and less CPU. In a desktop system the relative difference has much less impact, and momentum alone is a reasonable explanation of why this is not more pervasive in desktop/high end computing environments.

Last, it could also be argued that advancements in the discrete log problem for ordinary groups (that affect DSA for example, and not ECC) are a further indication that ECC is not only as secure as existing public key systems with smaller keys, but potentially more secure given the fact that there has been no advancement in discrete log for elliptic systems in over 20 years.

- Here's why I say what I say. Quoting Bruce Schneier from this article:

- "Certicom used the event to tout the benefits of elliptic curve public-key cryptography. Elliptic-curve algorithms, unlike algorithms like RSA, ElGamal, and DSA, are not vulnerable to the mathematical techniques that can factor these large numbers. Hence, they reason, elliptic curve algorithms are more secure than RSA and etc. There is some truth here, but only if you accept the premise that elliptic curve algorithms have fundamentally different mathematics. I wrote about this earlier; the short summary is that you should use elliptic curve cryptography if memory considerations demand it, but RSA with long keys is probably safer."

- "This event is significant for two reasons. One, most of the Internet security protocols use 512-bit RSA. This means that non-cryptographers will take notice of this, and probably panic a bit. And two, unlike other factoring efforts, this was done by one organization in secret. Most cryptographers didn't even know this effort was going on. This shows that other organizations could already be breaking e-commerce keys regularly, and just not telling anyone."

- "As usual, the press is getting this story wrong. They say things like: "512-bit keys are no longer safe." This completely misses the point. Like many of these cryptanalysis stories, the real news is that there is no news. The complexity of the factoring effort was no surprise; there were no mathematical advances in the work. Factoring a 512-bit number took about as much computing power as people predicted. If 512-bit keys are insecure today, they were just as insecure last month. Anyone implementing RSA should have moved to 1024-bit keys years ago, and should be thinking about 2048-bit keys today. It's tiring when people don't listen to cryptographers when they say that something is insecure, waiting instead for someone to actually demonstrate the insecurity."

- I couldn't find the article I read where RSA Inc. put out Elliptical Encryption before it was adequately tested. But the RSA Web site seems to suggest similarly to Bruce's assessment:

- "While RSA Laboratories believes that continued research into elliptic curve cryptosystems might eventually create the same level of wide-spread trust as is enjoyed by other public-key techniques (provided there are no upsets), the use of special purpose curves will most likely always be viewed with extreme skepticism."

- As an alternative, if we're speaking about "strong encryption" public-key I'd much rather use a 2048 Diffie-Hellman for my public-key communications. Webfork