[13193] in cryptography@c2.net mail archive
Re: my take on "PCP"
daemon@ATHENA.MIT.EDU (Ralf Senderek)
Sun May 4 11:31:58 2003
X-Original-To: cryptography@metzdowd.com
Date: Sun, 4 May 2003 17:17:35 +0200 (CEST)
From: Ralf Senderek <ralf@senderek.de>
To: <cryptography@metzdowd.com>
In-Reply-To: <871xzeer94.fsf@snark.piermont.com>
On 4 May 2003, Perry E. Metzger wrote:
> Ralf is very well meaning, but I think that anyone who invents their
> own hash functions and puts them into a program that is expected to be
> used by real people without first publishing them and subjecting them
> to real world analysis first should not be trusted.
I never tried to convince anyone to just trust the hash. Instead I
presented it to the list for criticism. Still I haven't got much
criticism with respect to the hash function. I thank all who replied
to the subject.
> They are in the
> same category as people giving just invented experimental drugs to
> humans without first testing them on other living things. No matter
> how well meaning, they are likely to cause serious damage.
The PCH does make sense (if any) only within PCP, I haven't released
the full code as it is in preview mode. I do not intend to advocate
the use of PCP without "real world analysis". But I had to produce
an implementation to see if it can be done and if it is not too slow.
(BTW it isn't). So I don't see that I am likely to cause harm and I
may reject your accusation.
> As for the motivation for not using a member of the SHA family or
> something similar, there is no excuse. You can know that an
> implementation of SHA-1 is correct, pretty trivially, by the fact that
> it interoperates. If it passes a test suite and others can duplicate
> what it does, it is almost certainly SHA-1. The damage if it failed --
> lack of interoperation -- would be immediately obvious to a user.
Seeing it work well does not mean that I can understand it.
> There is no security gain whatsoever in picking something with a
> "smaller implementation" in this instance. There is, however, a
> substantial risk that a brand new basement-brew hash function will be
> insecure.
I do see this risk as well. That's why I asked the list for expertise.
What the hell is wrong with that?
> Even if you had a proof of security,
I don't have any and I never claimed to have one.
> publication would be
> needed so others could check your proof -- "proven" security systems
> have been broken in the past following publication.
>
> If you do not recognize why all this is, you probably should not be
> writing security critical systems.
It's amazing to see what an amount of unfair imputation is caused by
just thinking in a different direction.
Ralf.
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
* Ralf Senderek <ralf@senderek.de> http://senderek.de * What is privacy *
* Sandstr. 60 D-41849 Wassenberg +49 2432-3960 * without *
* PGP: AB 2C 85 AB DB D3 10 E7 CD A4 F8 AC 52 FC A9 ED * Pure Crypto? *
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com