ed770878 / HohhaDynamicXOR

Hohha Dynamic XOR Encryption Algorithm

Commit messages are not the right place to have a conversation #1

Open ed770878 opened 8 years ago

ed770878 commented 8 years ago

20c85ab12ae36a5d1f0f1e99216b72e39cdf4809 49f631f9965622cd86b870a6c93244d8b7b7deac

ed770878 commented 8 years ago

@ikizir as long as you are going to put my name in your commit message, I suppose I should have the right to respond without my comment being deleted.

> I am always telling you that your contributions are important. We just disagree on the way you tell them.

I am trying to work with you, but you have been deleting my comments whenever I suggest an attack that you don't like.

> And if you write a good cryptanalysis of the algorithm by 15 March, I promise to give a link to it in the printed version of the Inet-tr symposium paper. 15 March is the deadline.

I will operate under no such deadline. Not for you. Not after the way you've been disregarding my concerns about your algorithm.

And I don't want my name anywhere near this in publication!

Wait, I thought you already published. Is this just the print version of the pdf that's already available online, or are you publishing something new? If it's the one that was published last December, fine. I only started talking to you this year, so what was published then was already published before we started talking. If the paper is something new, you should really think about your reputation, and what ignoring "theoretical attacks" and publishing anyway does to your reputation. I would suggest, if you are publishing, you should try to understand the attacks and properly refute them in your paper. I am willing to work with you to help you understand the attacks. If you just go ahead and publish, ignoring my help, and later I again prove your algorithm is more vulnerable, who will look like the fool?

> I still consider it theoretical, since it supposes having both the plaintext and salt and key body crc in order to function, which is nearly impossible in real life.

Not the crc. That attack doesn't need the crc, just the plaintext and salt.

Tell me, do you consider gravity to be theoretical? The best explanation of gravity that science can offer is still just a theory, yet we don't float up off the body of the earth! Newton's approximation of gravity was pretty good for a while, then Einstein's approximation was a bit better, and the theory of gravity is still improving, but our lack of a fully consistent explanation for gravity doesn't make gravity any less real.

Here is the theory, in a nutshell. Algorithms that resist active attacks with chosen plaintexts, etc., are provably secure against harder attacks that make fewer assumptions. If an algorithm is resistant to an easy attack like CPA2, then it is also resistant to known-plaintext attacks and most everything else. Good crypto algorithms resist active attacks, but Hohha does not. Some algorithms don't resist active attacks, but do resist known-plaintext attacks. Those are provably secure against ciphertext-only attacks. Hohha is not secure against known-plaintext attacks. The only thing left for you is the possibility that Hohha might resist a ciphertext-only attack. If it does resist an attack, that still puts Hohha in the least secure category of ciphers, because it doesn't resist any of the other kinds of attacks. But if Hohha does not resist even a ciphertext-only attack, then it's not really encryption at all.

I started by showing that your algorithm was vulnerable to some pretty weak attacks first, that required a lot of assumptions. The attacks assumed things like being able to choose the ciphertext and interact with an oracle, etc. Those attacks only revealed some simple and limited information about the key. But it's just theoretical, so what.

Next, I told you that the algorithm was vulnerable in a way that could lead to recovering the key. I even told you the method of attack. You deleted all the comments after that, but no matter, I came back and proved it anyway. I proved that yes, the attack is possible, using the same method that I proposed. But it's just theoretical, so what.

Now I told you that I think the algorithm is vulnerable to the key recovery attack, using just the ciphertext, and you deleted my comments. You should realize by now that I know what I'm doing. I understand your algorithm, I understand how it is vulnerable, and I know how to write a program to attack it. But it's just theoretical, so what, right?

If I don't have a magic computer to intercept ciphertexts, then Hohha is secure! But if it's impossible to intercept the message, why encrypt? Encryption is pointless in your scenario, but apparently every other scenario is fiction.

Like the theory of gravity, my theoretical attacks against your algorithm are improving. And just like a stone that doesn't believe in gravity, your algorithm will still fall.