[144633] in cryptography@c2.net mail archive
cleversafe says: 3 Reasons Why Encryption is Overrated
daemon@ATHENA.MIT.EDU (Zooko Wilcox-O'Hearn)
Fri Jul 24 13:44:34 2009
To: tahoe-dev@allmydata.org,
Cryptography List <cryptography@metzdowd.com>
From: Zooko Wilcox-O'Hearn <zooko@zooko.com>
Date: Fri, 24 Jul 2009 07:33:29 -0600
[cross-posted to tahoe-dev@allmydata.org and cryptography@metzdowd.com]
Disclosure: Cleversafe is to some degree a competitor of my Tahoe-=20
LAFS project. On the other hand, I tend to feel positive towards =20
them because they open-source much of their work. Our "Related =20
Projects" page has included a link to cleversafe for years now, I =20
briefly collaborated with some of them on a paper about erasure =20
coding last year, and I even spoke briefly with them about the idea =20
of becoming an employee of their company this year. I am tempted to =20
ignore this idea that they are pushing about encryption being =20
overrated, because they are wrong and it is embarassing. But I've =20
decided not to ignore it, because people who publicly spread this =20
kind of misinformation need to be publicly contradicted, lest they =20
confuse others.
Cleversafe has posted a series of blog entries entitled "3 Reasons =20
Why Encryption is Overrated".
http://dev.cleversafe.org/weblog/?p=3D63 # 3 Reasons Why Encryption is =20=
Overrated
http://dev.cleversafe.org/weblog/?p=3D95 # Response Part 1: Future =20
Processing Power
http://dev.cleversafe.org/weblog/?p=3D111 # Response Part 2: =20
Complexities of Key Management
http://dev.cleversafe.org/weblog/?p=3D178 # Response Part 3: Disclosure =20=
Laws
It begins like this:
"""
When it comes to storage and security, discussions traditionally =20
center on encryption. The reason encryption =96 or the use of a =20
complex algorithm to encode information =96 is accepted as a best =20
practice rests on the premise that while it=92s possible to crack =20
encrypted information, most malicious hackers don=92t have access to =20
the amount of computer processing power they would need to decrypt =20
information.
But not so fast. Let=92s take a look at three reasons why encryption =20=
is overrated.
"""
Ugh.
The first claim -- the today's encryption is vulnerable to tomorrow's =20=
processing power -- is a common goof, which is easy to make by =20
conflating historical failures of cryptosystems due to having too =20
small of a crypto value with failures due to weak algorithms. =20
Examples of the former are DES, which failed because its 56-bit key =20
was small enough to fall to brute force, and the bizarre "40-bit =20
security" policies of the U.S. Federal Government in the 90's. An =20
example of the latter is SHA1, whose hash output size is *not* small =20
enough to brute-force, but which is insecure because, as it turns =20
out, the SHA1 algorithm allows the generation of colliding inputs =20
much quicker than a brute force search would.
Oh boy, I see that in the discussion following the article "Future =20
Processing Power", the author writes:
"""
I don=92t think symmetric ciphers such as AES-256 are under any threat =20=
of being at risk to brute force attacks any time this century.
"""
What? Then why is he spreading this Fear, Uncertainty, and Doubt? =20
Oh and then it gets *really* interesting: it turns out that =20
cleversafe uses AES-256 in an All-or-Nothing Transform as part of =20
their "Information Dispersal" algorithm. Okay, I would like to =20
understand better the cryptographic effects of that (and in =20
particular, whether this means that the cleversafe architecture is =20
just as susceptible to AES-256 failing as an encryption scheme such =20
as is used in the Tahoe-LAFS architecture).
But, it is time for me to stop reading about cryptography and get =20
ready to go to work. :-)
Regards
Zooko
---
Tahoe, the Least-Authority Filesystem -- http://allmydata.org
store your data: $10/month -- http://allmydata.com/?tracking=3Dzsig
I am available for work -- http://zooko.com/r=E9sum=E9.html=
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
