Cryptography Reference
In-Depth Information
not worth a bean if sloppy work is done in the environment — in this example,
the key management.
I must refer you to the lion's den if you are interested in more details: visit the
NSA homepage at
http://www.nsa.gov
and search the site for 'venona'.
Consequently, the one-time pad is reserved for very special purposes. Rumors
have it that the hotline between Moscow and Washington was protected by a
one-time pad. Schneier [SchnCr, 1.5] notes with some amusement that even
the aliens from Andromeda will never have a chance to decrypt the traffic in
arrears, unless they take a time trip into the past. I see things a little differently:
cryptology is not everything; politicians tend to write their memoirs sooner or
later.
2.7 Bottom Line
You may be a little ill-tempered after reading this chapter. Only one single
method is secure, but it's one that goes by the board for most practical interests.
Moreover, mystery-mongering is everywhere, and honesty cannot be expected
in this business anyway.
Let me reassure you, it's not that bad. Cryptology has made enormous progress
during the past twenty years, and it has become important for everyone. There
is strong public cryptological research; in particular cryptanalysis has been
practiced increasingly since the late 1990s. Still, none of us knows how far we
actually lag behind the NSA.
A major weakness of all algorithms discussed in this chapter is that they encrypt
entire characters. And an algorithm may be as good as it can get — it will nor-
mally always have small statistical dependencies. For this reason, a long time
ago, I published an algorithm called
fcrypt
[Wobfcrypt] that works charac-
terwise. It can be used to prove that statistical dependencies are virtually lost
during encryption. This was one of my first more serious attempts in cryptology,
so, at that time, I didn't see how vulnerable the method was compared with
differential cryptanalysis (more about this in Section 3.7). The article found
lively echo; hopefully, the algorithm is no longer used. Steer clear of it.
