Cryptography (was Re: How to protect python code ?)
amk at amk.ca
Mon Apr 14 19:56:00 CEST 2003
On Mon, 14 Apr 2003 14:23:03 +0100,
Richard Brodie <R.Brodie at rl.ac.uk> wrote:
> In general, yes. Whether experts working in classified establishments can't
> do better than the public state of the art is much harder to quantify.
> Consider the history of PKCS, for example.
To expand on this, someone working for the UK's GCHQ invented the idea of
public-key cryptography in 1973 but couldn't publish it; some of his
co-workers soon invented actual algorithms for implementing it, including
the one now called RSA. Diffie and Hellman independently invented the idea
and published it in 1977. (See Steven Levy's book _Crypto_ for a readable
discussion of this history.)
I doubt that government establishments such as the NSA or GCHQ are miles
ahead of the public sector, though. Note that the public invention of
public-key was only four years behind its classified invention. In 1998
three cryptographers found an attack against a version of NSA-designed
Skipjack algorithm that used one fewer round of scrambling; it's unlikely
the NSA knew about this technique, or the cipher would have had more rounds.
Classified establishments certainly have more money to spend, so I expect
they have big computers and custom-designed chips for trying keys, but I
doubt they have a super factoring algorithm or powerful attacks against
FLUTE: Nay, faith, let me not play a woman; I have a beard coming.
-- _A Midsummer Night's Dream_, I, ii
More information about the Python-list