Re: Encryption
- Subject: Re: Encryption
- From: Mark Assad <email@hidden>
- Date: Fri, 2 Jan 2004 11:26:53 +1100
Hi,
I think the two of you are comparing two different types of
encryption methods here. "There's symmetrical encryption, such as DES,
which use smaller 56-, 64- and 128-bit keys. And there's asymmetrical
encryption known as public/private key systems like RSA and DH, which
use keys on the order of 512, 1024, and 2048 bits." [1] Nicko is
referring to RC5, "A symmetric key cryptography algorithm developed by
Ronald Rivest in 1994. RC5 parameterizes not only key length but also
block size and number of rounds. See Applied Cryptography section 14.8."
[2]. Rob refers to Verisign, which in general uses RSA, which is an
asymmetric encryption.
I am no expert in encryption; the companies I have worked for have
only ever used OpenSSL. But, my understanding of it is that to break an
asymmetrical cypher, you need to factor the key. Which despite being a
computationally expensive operation does not require you to test every
value from 0 to 2^[key length]. On the other hand, a symmetric cypher,
is broken by trying every possible key value. In the case of a 128-bit
key, this means that you'd have to try 2^128 different keys (or 2^127
in an average case). The website above gives a little more detail, as
would any good (or bad!!) book on security. But, this is all very off
topic. :)
But, in an effort to answer the original question, I'd suggest having a
look at the following sample code:
Description:
The CryptoSample contains source code for libCdsaCrypt, a library
intended to facilitate the use of Security.framework's Common Data
Security Architecture (CDSA), specifically in the areas of symmetric
encryption and message digest calculation. This sample also contains
the source for several example programs demonstrating the use of
libCdsaCrypt.
Requirements: Mac OS X 10.2 or later
http://developer.apple.com/samplecode/Sample_Code/Security/CryptoSample.htm
Now, if someone could show me where the documentation for the
Security.framework is. I'm guessing it gets auto generated from the
header files and saved somewhere. But I don't know where that is, or
how to access it.
[1] http://www.networkcomputing.com/buzzcut/020412bc.html
[2] http://www.praxitech.com/
Good Luck,
Mark
----------
Mark Assad
PhD Student
Smart Internet Technology Research Group
The University of Sydney
On 02/01/2004, at 10:46 AM, Nicko van Someren wrote:
> On 1 Jan 2004, at 23:00, Robert Tito wrote:
>> How well meant your advice is, and a happy new year to you, it doesn't give
>> you status 4 in encryption, meaning top secret government level. It takes a
>> mere 15-20 minutes to crack any single 128 bits engine so I think you have
>> either NO knowledge about encryption and/or forensic research. Verisign for
>> instance is one of the least safe ways to encrypt: the man in the middle is
>> always possible, how hard they try to prevent it.
>> Believe me, we have an engine that will take you 1 over 10^1256 attempts to
>> crack: good luck.
>> 128 bits is cracked in no time at all.
>
> That's odd. I've spent half my professional life as the CTO of a
> major publicly traded encryption company and somehow I had never
> noticed that all the published cryptographic research in the world is
> wrong and you're right...
> To date the largest symmetric encryption key publicly broken by brute
> force is a 64 bit RC5 key. It took a distributed effort of thousands
> of computers most of a year to do so. Breaking a 128 bit key is 2^64
> times, or about 18.4 million million million times harder. While
> conspiracy theorists might think that this is breakable by the spooks
> the vast majority of opinion is that this is sufficient for most
> applications.
> Nicko
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
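
An added example, not part of the original thread: it puts the symmetric and asymmetric key sizes discussed above on one scale by expressing attack cost as a power of two. The factoring cost uses the standard heuristic running time of the general number field sieve with its o(1) term dropped, which is an assumption brought in here and does not appear in the messages; function names are illustrative.

```python
import math


def symmetric_avg_trials_log2(key_bits):
    """log2 of the expected number of keys tried in an exhaustive search.

    On average the right key turns up after half the keyspace: 2^(k-1).
    """
    return key_bits - 1


def gnfs_work_log2(modulus_bits):
    """log2 of the heuristic cost of factoring an RSA modulus n.

    Assumption (not from the thread): general number field sieve cost
    exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) with c = (64/9)^(1/3),
    ignoring the o(1) term, so this is an order-of-magnitude figure.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work_ln = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def brute_force_ratio(small_bits, large_bits):
    """How many times larger the bigger symmetric keyspace is."""
    return 2 ** (large_bits - small_bits)


def report():
    """Rows of (kind, key size in bits, log2 of estimated attack work)."""
    rows = [("symmetric", b, float(symmetric_avg_trials_log2(b)))
            for b in (56, 64, 128)]
    rows += [("RSA (GNFS estimate)", b, round(gnfs_work_log2(b), 1))
             for b in (512, 1024, 2048)]
    return rows


if __name__ == "__main__":
    for kind, bits, work in report():
        print(f"{kind:<20} {bits:>5}-bit key  ~2^{work:.1f} operations")
    # The 64-bit vs 128-bit gap quoted in the thread.
    print("128-bit vs 64-bit search:", brute_force_ratio(64, 128), "times")
```

On this estimate a 1024-bit RSA modulus costs far less than 2^1024 operations to attack, which is why the two families use such different key lengths for comparable strength.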