Talk:Cryptography/Archive 5
This is an archive of past discussions about Cryptography.
Engineering vs. Malevolence
It says in the article "Cryptography is also a branch of engineering, but an unusual one as it deals with active, intelligent, and malevolent opposition (see cryptographic engineering and security engineering); all other kinds of engineering need deal only with neutral natural forces." I'd argue that there are other fields which have to deal with malevolent forces. What about constructing structures and vehicles which withstand attack? Or designing weapons which deal with the defenses? Or even designing defenses specifically from the weapons (radar jamming, etc)?
Daemon 16:43, 19 January 2007 (UTC)
- Personally, I don't really buy that Cryptography is a branch of engineering. Security engineering is, I suppose, but that's a related field, not the same thing. Mangojuicetalk 18:13, 19 January 2007 (UTC)
- Crypto uses experimental evidence and experience, folk wisdom, joint experience of many, mathematical proof, scientific theories, etc to develop systems and procedures and so on. This is a pretty good description of engineering, not of a science. Seems a reasonable choice of term to me. ww 11:10, 9 March 2007 (UTC)
removal of reading to links section
Several of these are in fact actual books, and should not have been moved. The others are less easily classified and may belong in a links section. These should be reviewed. There is, in this group, no easy way to automatically classify them. The test should be size, formality, perhaps existence as a dead tree production, and importance to the field. ww 11:10, 9 March 2007 (UTC)
Enigma Picture
I don't understand the picture describing the enigma machine. Is the picture just a screen shot taken from some game? - 74.104.164.160 01:16, 8 May 2007 (UTC)
- Yeah, apparently it was. The image that was apparently intended was commons:Image:Enigma.jpg. That would show up by default at Image:Enigma.jpg except that there is already a different image there. Mangojuicetalk 13:53, 8 May 2007 (UTC)
terminology
The taxonomy is that cryptosystems produce crypttext (either codetext or cyphertext) after processing of plaintext. That usage is not congruent with the taxonomy should not justify use of confusing terminology in a WP article. We should be precise, even if usage isn't, mostly. Hence the rollback. ww 09:08, 13 July 2007 (UTC)
- Please give references for your claim. In all the crypto books I have ciphertext is the result of an encryption. Crypttext is not even used once. 85.1.111.99 10:33, 13 July 2007 (UTC)
- I did some more searching for the term crypttext. Google booksearch gives almost no results. A normal Google search seems to indicate that crypttext is almost exclusively used by PHP programmers to distinguish raw, unformatted ciphertext (which is the thing they call crypttext) from other formats. PHP programmers can of course use their own terminology if that helps them to keep different formats apart. But Wikipedia should go with the most common use, that is calling the result of an encryption ciphertext. 85.1.111.99 11:36, 13 July 2007 (UTC)
- Concur with 85.1.111.99. Dictionary.com has no definition for "crypttext" but has "ciphertext." I've been working in the crypto field since college and I've never once heard "crypttext" until now. Mangojuicetalk 12:47, 13 July 2007 (UTC)
Cryptology is usually defined as the combined study of cryptography and cryptanalysis. I've amended the terminology section accordingly and cited the dictionary definition of cryptology to back up this (Merriam-Webster's). Ross Fraser (talk) 01:19, 1 February 2008 (UTC)
"ciphers without variable keys are trivially breakable" is generally true. However, isn't there an exception: cryptosystems where the algorithm(s) are secret? Such systems are not scalable, since a new algorithm is costly to invent. But I think I could come up with several that wouldn't be trivially breakable pretty quickly. Is it worth modifying the article to avoid walking over this exception?--Elvey (talk) 10:03, 13 May 2009 (UTC)
DES strength
"DES was designed to be secure against differential cryptanalysis" This seems like a poor wording. Secure implies that it cannot be attacked using differential cryptanalysis. However DES of course can be attacked in this way, it is simply difficult. Skimming the cited article, it never claims that the NSA/IBM thought it would be impossible to use differential cryptanalysis, just that one of their parameters was to make DES difficult to attack using DC. I think a wording to replace "secure against" would be "resistant to". --128.2.225.42 17:41, 19 July 2007 (UTC)
- Done. If you see anything else similar, you can just go ahead and make the change. See Wikipedia:Be bold in updating pages - it's a Wikipedia philosophy. Mangojuicetalk 19:38, 20 July 2007 (UTC)
Extraordinary claims
AceVentura wrote a comment here about the terrible Ed Trice article. Thanks Ace for "sounding the alarm" on this. I moved the comment and discussion of this to the talk page of WikiProject Cryptography. Please continue the discussion there. --David Göthberg 14:54, 29 July 2007 (UTC)
This link in section Cryptographic protocols is quite misleading, is anyone able to fix it? 85.128.91.247 13:14, 1 September 2007 (UTC).
- Actually you are. :) But I did it. It now links to Interactive proof system, which is the right place. Mangojuicetalk 16:05, 1 September 2007 (UTC)
Another terminology question
It is said Some use the terms cryptography and cryptology interchangeably and this is used in Wikipedia as cryptology redirects here. I have checked a few places, for example Britannica and Merriam-Webster Dict. and they make a difference, moreover the etymology is different. Could anyone give some references to publications where both terms mean the same? Has it been earlier discussed, or the matter is so obvious? Best, kuszi 13:25, 8 September 2007 (UTC).
- Albrecht Beutelspacher in Cryptology says that the two can be used interchangeably. Some people use "Cryptography" to mean the science of writing secret messages, "cryptanalysis" to mean the breaking of encrypted messages and "cryptology" to mean cryptanalysis and cryptography combined. Others just label the whole field as "cryptography". This has been discussed at Talk:Cryptography/Archive 1#cryptology duplicates cryptography? a merge proposal, Talk:Cryptography/archive2#Cryptology = cryptography + cryptanalysis ? and probably in a few other places. Hut 8.5 14:28, 8 September 2007 (UTC)
- Thank you for the response, however I am quite satisfied. Even if we agree with prof. Beutelspacher, please consider it important he titled the book, Kryptologie (original was written in German), not Kryptographie like the main article in wikipedia. Best kuszi 10:46, 9 September 2007 (UTC).
- Well, I for one prefer "Cryptography" as the title because I draw the distinction differently. I think of cryptography as the subject and cryptology as the academic study of that subject, and this article is not just about the study of cryptography but also its use. In practical terms it doesn't matter much because we have the redirect, but I do note that many articles open with a line like "In cryptography, a digital signature is..." et cetera. Mangojuicetalk 17:01, 10 September 2007 (UTC)
- Well, I do agree that the word cryptography is used more commonly compared to cryptology, but I don't agree that it is the reason to change its meaning, we are writing encyclopedia, do we? We use cryptography, while we use cryptographic techniques, other way we are cryptanalysts. If it is said "In cryptography, a digital signature is...", the part of cryptology is considered, am I wrong? Possibly it would be better to entitle the article cryptology and to make a redirect from cryptography? Best, kuszi 21:08, 14 September 2007 (UTC).
- I don't understand what you mean. The usage we both quoted is perfectly fine as-is. I looked at the dictionary definitions in Merriam-Webster that you linked to, and it backs up my interpretation: Cryptology is the scientific study of cryptography. We could stand to find a source for the claim that they're used interchangeably, though. Mangojuicetalk 21:46, 14 September 2007 (UTC)
- By Merriam-Webster Cryptology is the scientific study of cryptography and cryptanalysis - both of them.
- We have Cryptanalysis subsection, and section titled History of cryptography and cryptanalysis. What is the article about: the study of cryptography (or cryptology as scientific study) and use of cryptography (or use of cryptography and cryptanalysis), possibly I do not get the main idea. Best, kuszi 14:15, 16 September 2007 (UTC).
- This article is a general overview of cryptography, cryptology, cryptanalysis, all of them. So the article is about (1) the use and techniques of cryptography, (2) cryptanalysis, and also (3) the study of these, but this last is least directly important; it is merely a natural thing to cover while covering (1) and (2). Anyway, I altered the lead sentence; it was incorrectly describing cryptography as the "study"; really, "practice and study" is better. And also, I changed "message secrecy" to "hiding information" because the information being hidden isn't always a "message." Mangojuicetalk 13:56, 18 September 2007 (UTC)
- Cryptography is not a science, though it draws from scientific results. Cryptography is not mathematics, though modern cryptography relies heavily on it. And cryptography (either on the system development side or on the cryptanalysis side) is not a scientific enterprise. This is in the strict sense of science, hypothesis / experimental test (in part to develop additional data) / revision of hypothesis. In the sense of careful and systematic reasoning from available data, certainly. But there is a reason that most accounts speak of the art and science of cryptography -- there is a great deal of art involved that cannot be reduced or systematized. We cover, in the various crypto corner articles, a great deal of that which can be systematized. And the links point to more on the net. Beyond introductory ideas, the subject is highly technical and mathematical, both of which push it to the boundary of what's suitable for a general purpose encyclopedia like WP. If you want a coherent account of that, I suggest you look into some of the references. Goldreich is well thought of, Stinson is widely used in university courses, Anderson's Security Engineering is excellent in providing a wider perspective than only algorithms and ways to break them.
- Our history article is a good introduction and provides perspective on the field and its development. Worth reading. ww 06:39, 17 September 2007 (UTC)
- I do not state that the article is worthless to read, contrary I have read it quite carefully. Please take to account that your post little contradicts the definition given in the article (as a branch of both mathematics and computer science). Best, kuszi 08:00, 18 September 2007 (UTC).
Separate from the debate above concerning whether cryptography is used as a synonym for cryptology (and I agree that this is often done in all but the most formal discussions), the definition of cryptology must be made clear. Cryptology is defined as the combined study of cryptography and cryptanalysis. I've amended the terminology section accordingly and cited the dictionary definition of cryptology to back this up (Merriam-Webster's). This is surely useful to the reader, as the term cryptology isn't used elsewhere in the article. Ross Fraser (talk) 01:19, 1 February 2008 (UTC)
- Ross, The usage is not so inflexible as you suggest. But nevertheless, this issue was settled for WP purposes some time ago. At one time there was a series of articles under the headings of both cryptology and cryptography. Cryptiacs active at the time decided to collapse the cryptology tree, leaving pointers. Since that time, large numbers of links and references have cemented that decision into something rather fixed. I think this has long ago been OBE. See one of the archives for this page (the 1st, I think) for the decision. ww (talk) 09:29, 1 February 2008 (UTC)
Adi Shamir warning of hypothetical exploitation of math flaws in processors
I don't want to step on the toes of more experienced editors of this and other cryptography articles, but I really think the substantive material in the cited New York Times story by John Markoff is worthy of inclusion in this article, and possibly the one on side channel attacks as well. I added the additional opening qualifier of "Hypothetically" to begin the sentence when I reinserted it, but if someone wants to delete it again (which is fine), could they at least explain more fully here on this page why they don't think it is worthy of mention? Given the stories that do make it to the press about errors in embedded processor code (and all the many more errors that are likely never publicized), it seems like a legitimate concern for potential future attacks on public-key cryptographic transactions, even though Shamir notes that he knows of no such attacks yet. No barometer of intelligence (talk) 18:07, 19 November 2007 (UTC)
- I have trouble seeing how a minor set of attacks that might be possible should be mentioned in the main article. Mention in the NYT isn't by itself a good enough reason. There may be an article on cryptography other than the main one where this makes more sense. JoshuaZ (talk) 18:42, 19 November 2007 (UTC)
- Point taken. Can you suggest another article in which inclusion of the story might be more appropriate? Perhaps the one on Shamir himself? No barometer of intelligence (talk) 19:09, 19 November 2007 (UTC)
- A big problem is that the NYT article is very vague. It is already well known that errors can leak private keys. See for example Kocher's comment in the article. Shamir quite likely doesn't reiterate old results. So it seems that the NYT article may insufficiently describe Shamir's paper. Quite possibly the paper is worth mentioning, but we can't say much before the paper is published. 85.1.100.239 (talk) 21:44, 19 November 2007 (UTC)
- Understood. I removed the mention. It may be a case of the so-called "main stream media" being deficient to explain intricate technical subjects without losing a substantial portion of their readership. If I see a more detailed mention of Shamir's research note to his colleagues elsewhere, I'll bring it to the attention of other editors here before trying to include it in this or any other article. Thanks for the feedback. No barometer of intelligence (talk) 22:02, 19 November 2007 (UTC) P.S. and mea culpa - It appears the mass media reporting about Shamir's note was much ado about little, if not nothing, according to this Computerworld story:[1] Sorry. No barometer of intelligence (talk) 22:34, 19 November 2007 (UTC)
- I don't see a need to apologize here. Shamir's note likely describes what is known as a fault attack. There are quite a number of research papers analyzing such attacks. Some cryptographic libraries take these attacks seriously and implement countermeasures. It might be a good idea to start a new wiki page on fault attacks pointing to some of the known results. Certainly it would be great to have access to Shamir's note. E.g., a serious implementor would probably want to know if countermeasures against such attacks are necessary (rsp. should be improved). Neither the NYT nor the Computerworld article are of any help there. 85.2.41.154 (talk) 07:53, 20 November 2007 (UTC)
- If we want to improve coverage in this area, I would think the best idea would be to talk about attacks based on measuring power consumption or magnetic field fluctuations; those are well-established, well-noted issues. Mangojuicetalk 14:33, 20 November 2007 (UTC)
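Added example, not part of the original discussion: textbook RSA-CRT signing, showing why a single computation error in a released signature can expose a factor of the modulus and how verifying before release, one common countermeasure of the kind the thread says libraries implement, stops it. This is the generic fault-attack setting, not a reconstruction of Shamir's note; the key, message and all function names are constructed for illustration.

```python
"""RSA-CRT signing: what one computation fault leaks, and the
verify-before-release countermeasure. Toy textbook RSA, no padding."""
from math import gcd

# Constructed toy key built from two Mersenne primes (far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)       # CRT exponents
QINV = pow(Q, -1, P)                    # q^-1 mod p, used for recombination

MSG = 0x1234567890ABCDEF                # constructed message representative


class FaultDetected(Exception):
    """Raised when a freshly computed signature fails its own verification."""


def sign_crt(m, inject_fault=False):
    """Sign m using the CRT speed-up; optionally corrupt the mod-q half."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if inject_fault:
        sq ^= 1                         # simulated one-bit arithmetic error
    h = (QINV * (sp - sq)) % P          # Garner recombination
    return sq + h * Q


def leaked_factor(m, s):
    """What any holder of (m, s) and the public key can compute.

    A correct s gives s^e - m = 0 (mod n), so the gcd is n: nothing learned.
    If s is right mod p but wrong mod q, the gcd is exactly p.
    """
    return gcd((pow(s, E, N) - m) % N, N)


def sign_hardened(m, inject_fault=False):
    """Countermeasure: check the signature with the public key before release."""
    s = sign_crt(m, inject_fault)
    if pow(s, E, N) != m % N:
        raise FaultDetected("signature failed self-check; not released")
    return s


if __name__ == "__main__":
    good = sign_crt(MSG)
    bad = sign_crt(MSG, inject_fault=True)
    print("correct signature verifies:", pow(good, E, N) == MSG)
    print("gcd from correct signature is n:", leaked_factor(MSG, good) == N)
    print("gcd from faulty signature is p:", leaked_factor(MSG, bad) == P)
    try:
        sign_hardened(MSG, inject_fault=True)
    except FaultDetected as exc:
        print("hardened signer:", exc)
```
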
more/better references/footnotes
The first two sections (counting the intro) have no references. --Thinboy00 talk/contribs @70, i.e. 00:40, 20 November 2007 (UTC)
- The intro doesn't necessarily need references. It's just a summary of the content in the article (which should be referenced). Hut 8.5 07:57, 20 November 2007 (UTC)
pair vs set
"A cipher (or cypher) is a pair of algorithms which perform this encryption and the reversing decryption."
Wouldn't "a set of algorithms" be more appropriate?
206.126.85.163 21:36, 22 April 2007 (UTC)
- Why? It's normally 2 algorithms: one for enciphering, and one for deciphering. Mangojuicetalk 14:32, 23 April 2007 (UTC)
- Technically, some Ciphers use the same algorithm for encryption and decryption. For example: one time pad. —Preceding unsigned comment added by 134.2.172.190 (talk) 15:29, 19 January 2008 (UTC)
Assuaging Persistent Doubters
I occasionally encounter the clearly mistaken assertion that there is a realistic possibility that organizations such as the NSA are capable, within practical time and budget constraints, of breaking all popular ciphers (with the possible exception of One-time pad) of any key length. I have found no succinct statement on Wikipedia explaining, in a manner accessible to the layperson, why this is not a reasonable viewpoint even though it cannot be disproved.
For example, from Schneier:
- If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. That's obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism -and you still can't open the safe and read the letter - that's security.
Does this belong on Wikipedia somewhere? (Or is it already here?) AndersJohnson (talk) 05:30, 31 January 2008 (UTC)
- The argument you summarize here is a complex one, relying on estimates of future progress in such matters as mathematical research or computer software algorithm developments and similar matters. As such it is hard to handle on WP, which is biased against long contingent explanations of most anything. Furthermore, there will be objections on grounds of Original Research (forbidden by WP policy and enforced by unimaginative Miss Fidditches of several stripes) for most any such account. Of course to the detriment of WP quality. So, as a current practical matter, making the point you suggest will be difficult, in this article or another, despite the fact that it is a perfectly reasonable and indeed central to any understanding of crypto security. And in spite of the absence of any requirement of mathematical mastery to understand the argument. Few crypto evaluations are as easily presented to the lay person.
- Great writing skill might be able to make the point, but the general standard of writing on WP does not, collectively, show much brilliance.
- I'm not sure, absent revision of WP policies being applied in a rote and stolid fashion by too many ignorant of the underlying content of the articles they patrol, just how to get around this. —Preceding unsigned comment added by Ww (talk • contribs) 17:44, 31 January 2008 (UTC)
- Ww summarized the problem well. Part of the issue is that Wikipedia is not a textbook, and the point you're talking about sounds like the kind of thing I'd want if I were writing one... or maybe not even that. Maybe it would more be like the answer I would give if someone asked me a question about it. The point about Security via obscurity is made here in the history section; see also Kerckhoff's principle. Mangojuicetalk 18:24, 31 January 2008 (UTC)
UK v US pedantic lies have to stop
I am so sick of people from here, the UK, trying to discredit or more precisely, incorrectly crediting Brits for things.
Take the following quote for example "In 1997, it finally became publicly known that asymmetric key cryptography had been invented by James H. Ellis at GCHQ, a British intelligence organization, in the early 1970s, and that both the Diffie-Hellman and RSA algorithms had been previously developed (by Malcolm J. Williamson and Clifford Cocks, respectively).[18]"
Complete and utter tripe - everyone, and I mean everyone, working in the field knows the technique was invented and propagated in the US, by Americans. The fact that the US shared the technique with Brits working in MI type roles is completely irrelevant. WTF cares if Brits also knew about it? Of course they did, the Americans taught them.
That quote completely ruins the entire article and more and more articles are getting this every single day. The British Uni Profs have got to stop telling their students to go into Wiki and make edits that create revisionist history in favor of the UK and against the US (or all other countries for that matter). Instead the UK should be teaching their youth to start showing what they are capable of, doing things like creating this technique, which was done by Americans - not Brits.
Whoever, made this edit, and all edits like it, is a disgrace to the United Kingdom —Preceding unsigned comment added by 157.203.42.50 (talk) 14:47, 7 May 2008 (UTC)
- Your proposed UK Uni Prof conspiracy might in fact exist (conspiracies are by definition unknown until uncovered), but the facts you claim are in error are actually well established. Whether you like it or not, and with the added confusion of enforced secrecy confusing all, it's very clear that the article is correct. Ellis, Cocks, and Williamson did invent asymmetric crypto before anyone else. As for the Americans who invented it, as you suggest, one was an Israeli citizen, Adi Shamir, then and still. He's the S in RSA.
- Nonetheless, given the possibility that the conspiracy you allege exists, I'd love to see some citation (suitable for use on WP and in this article). ww (talk) 20:30, 8 May 2008 (UTC)
cryptographic primitives
This section hardly makes sense. It looks like someone deleted a few lines from the section, but even still isn't it confusing to launch directly into a diatribe regarding the existence of one-way functions in this context?--Kooky (talk) 22:29, 28 June 2008 (UTC)
- You're correct. This section once noted that primitives are the building blocks of actually usable crypto systems and are often the only parts for which successful sustained survival against sustained cryptanalytic attack can be cited. Protocols, by which primitives are combined to do user-land useful things (eg, authentication, integrity checking, key management) are typically less well vetted by attacks. At least one editor persistently included the one way function issue here, and so others gave up lest there be an edit war.
- That one way functions are (or are not) possible is philosophically and mathematically fascinating, and quite germane to crypto should a proof (and examples) one way or another be found, this issue is not one which currently afflicts crypto engineering much. Engineering is not so much concerned with theoretical proofs as with practical effectiveness. Such a function, proved to be one way, would increase everyone's confidence in some primitives and perhaps in some protocols and thus in some crypto systems. It would have immediate engineering application, I expect. But, given the multitude of ways a crypto system can fail, many (most?) being outside the designer's control, regardless of interesting mathematical/philosophical results, it's not a first level concern for competent cryptographers / system designers today.
- Some point akin to this should probably be made in the article, and this section is an excellent candidate. Be Bold... ? ww (talk) 17:52, 29 June 2008 (UTC)
Jew in "see also" section
Why is this there? KayVee (talk) 13:52, 31 October 2008 (UTC)
- Don't know - someone added it yesterday. Gone now. Hut 8.5 15:23, 31 October 2008 (UTC)
Jews?
Hi, why does the see also section contain a link to Jews? 141.219.153.163 (talk) 15:17, 31 October 2008 (UTC)
- Looks like someone fixed it. 141.219.153.163 (talk) 15:32, 31 October 2008 (UTC)
- Yes (see the bottom of the page). Hut 8.5 15:34, 31 October 2008 (UTC)
Digital Rights Management section
The second paragraph doesn't appear to make sense. Perhaps someone deleted a line or two from this section. Could that long sentence be broken up? —Preceding unsigned comment added by 122.108.47.245 (talk) 14:20, 20 March 2009 (UTC)
The issues discussed in this section bear little connection to cryptography. For example, the DMCA legal issues discussed are primarily the result of conventional reverse engineering, not cryptographic work. In addition, the statement "In 2007, the cryptographic keys responsible for Blu Ray and HD DVD content scrambling were discovered and released onto the internet." is only partially correct, since both Blu-ray and HD-DVD use many different keys with a revocation system called AACS.
Finally, this section does not have a neutral point of view. For example, the statement "massive internet backlash as a result of the implications of such notices on fair use and free speech both legally protected in the US and in some other jurisdictions" is subjective, and is only tangentially related to the field of cryptography. —Preceding unsigned comment added by 99.161.102.210 (talk) 05:00, 21 July 2009 (UTC)
- Be bold and have at it. But note that there is considerable contention around the subject (see talk for the DRM article for examples) and that most of the contention probably belongs there. Here we should have enough coverage to demonstrate that DRM is significantly involving crypto and so is a major contemporary use of same. Since this is a featured article, whatever is done should meet the highest WP standards, lest that status be lost. ww (talk) 06:34, 21 July 2009 (UTC)
Insecurity of cryptography section
I found this section added to the article and poorly written. I rewrote it, making it more acceptable. And I have just corrected a problem with that rewrite. Nevertheless, the material is covered elsewhere in the article, and I don't feel a separate section is warranted. If someone feels it should be deleted, I'd have no problem with it. I left it in to await comment.... ww (talk) 01:26, 19 April 2009 (UTC)
- The section overlaps with the section "cryptanalysis". Since a cryptosystem is insecure if it can be cryptanalyzed I see no reason to have two sections that talk about the same thing. 92.106.67.243 (talk) 10:40, 19 April 2009 (UTC)
Ciphertext - definition?
I couldn't find in this article a wikilink to the definition of "ciphertext", so I added it. Additionally, I found out that "ciphertext" redirects to "encryption", which although related is not exactly the same term; so I'll add a definition of ciphertext according to relevant bibliography and will eliminate that redirection.
Kind regards, DPdH (talk) 08:12, 11 July 2009 (UTC)
Trivially breakable
In the terminology section the article says
"Keys are important, as ciphers without variable keys are trivially breakable and therefore less than useful for most purposes."
I would strongly argue that simply because a cipher does not rely on keys, does not make it trivially breakable. I would go as far as claiming that the construction of a cipher, that is unlikely to be compromised, is relatively easy, providing that the algorithm producing the ciphertext is kept secret. However this is not practical, as it does not adhere to Kerckhoffs' principle.
I suggest something along the lines of:
"Keys are important, as ciphers without variable keys do not adhere to Kerckhoffs' principle and therefore less than useful for most purposes."
or simply
"Keys are important, as ciphers without variable keys are impractical (See Kerckhoffs' principle)."
--Larsholmjensen (talk) 22:55, 13 October 2009 (UTC)
- I think that gets into the nitty gritty too much for the section, which is meant to be a brief overview to enable a novice reader to read the rest of the article. The article does discuss Kerckhoffs' principle. Mangojuicetalk 04:06, 14 October 2009 (UTC)
- Hmm, but it is definitely wrong to claim that "ciphers without variable keys are trivially breakable", so how do we fix that without getting too nitty gritty. Larsholmjensen (talk) 08:13, 14 October 2009 (UTC)
- I disagree, it's not wrong. It's right in the modern sense of what a cipher is, considering normal practice for the last several decades. And my big point here is, this is not the place to talk about historical differences in the notions of a cipher. Mangojuicetalk 14:14, 14 October 2009 (UTC)
- When discussing modern notions of cryptographic security, it is assumed that the type of scheme is made public to all (Kerckhoffs' principle). The average user likely isn't aware of this. I went ahead and changed the article to point out that if the cipher is public and has no keys, the cipher can be trivially broken. I don't think there is a need to mention Kerckhoffs' principle at this point in the article if it is mentioned later. Skippydo (talk) 16:57, 14 October 2009 (UTC)
- Good solution and thanks for the warm welcome :) Larsholmjensen (talk) 18:28, 14 October 2009 (UTC)
hidden messages template
I removed the hidden messages template [2]. I felt that it might be ok for the steganography article but is too marginal for a high-priority FA like this one, whose contents are mostly technical and in any case should meet high standards of relevance. As always, feel free to discuss. 66.127.53.204 (talk) 06:18, 15 October 2009 (UTC)
Military patents -- hidden in plain sight?
If one does a search on William Friedman on FreePatents online or Google Patents(?), one finds several cyphered patents that have remarkable Manhattan Project information. The patents include pictures on how to cut out the sheet and apply it over the text to read the cyphered text in plain English (sort of a slide rule/nomograph-cryptograph). These patents appear with application dates from 1934 to 1939, and some in 1928 to 1931. The legitimate patents are under William F. Friedman, while the bogus patents are under W. Friedman, I. W. Friedman, E. Friedman, and various anagrams and noms de plume. They are distinguished by 2 close filings on Saturdays or Wednesdays, and there is one patent application with a January 1 date, (ie. when the USPTO is closed!!). These are in fact the top secret (in plain view) Manhattan Project Bomb patents spoken of by Alex Wellerstein and the NPR!! Are these patents (with odd SHORT titles like: container, legging, bag, syringe, packet, packet and pad, toilet accessory, etc.), having patent numbers between 1,500,000 and 1,950,000. Are these the work of William F. Friedman, or the work of Captain Lavender and his atomic scientists; Glenn T. Seaborg, Enrico Fermi, Arthur Compton, Earnest O. Lawrence, Szilard, Morrison, Feynman, etc?
The USPTO database violation and incursion seems clear enough (Pat. #2365494, with application date of January 1, 1944, is a clear USPTO database violation because no patent can ever receive an application date on a holiday under US Patent Act 35!). Since one of the cornerstones of the USPTO is the filing date, if the USPTO's inviolable (assumed) database was violated or "hacked" by an atomic scientist, then presumably any "walk-in" off the street could, in theory, read, copy, edit, modify, delete or add to the USPTO database without the knowledge of the USPTO. This act of sabotage would invalidate every single patent application and issue, since the USPTO opened for business in 1836!!! This appears to be the first time a United States Database was ever hacked and rendered useless, and it was done under the name of W. Friedman. The USPTO has never fully recovered from the first database virus in human history. The question seems why? Like any computer hack, to make a point. The USPTO was (is?) insecure to hold atomic secrets in 1945 and 1946. The Department of Energy and the National Security Agency may owe at least part of their existence to a database security hack under the name of W. Friedman (perhaps by Glenn T. Seaborg or Enrico Fermi).
The list of patents with secret U.S. military value, will be added later, including E. REED (an anagram perhaps for a US department).
And Now, the patents: W. F. Friedman patents: 1516180, 1522775, 1530660, 1608590, 1694874, 1857374, 2028772, 2080416, 2139676, 2140424, 2166137, 2224646, 2395863, 2465367, 2518458, 2552548, 2877565, 6097812, 6130946
W. Friedman patents: 1577406, 1580030, 1626674, 1626927, 1630566, 1630566, 1634712, 1650703, 1652402, 1672519, 1681110, 1719428, 1733189, 1739634, 1743813, 1794602, 1814747, 1814749, 1815922, 1852455, 1854373, 1858218, 1887298, 1887299, 1895187, 1903357, 1949201, 1977183, 2072327, 2365494, 2677861, 2712652, 2836925
W. Friedman USPTO inviolable patent database violation and database intrusion: 2365494
E., F., G., Isidor, H. Lois D., M., N. H., I.W., Samuel, William D., W.E., W.H., W.L. (etc.)…Friedman patents: 1358685, 1564056, 1653163, 1699105, 2011335, 2124551, 2359148, 2378072, 2440042, 2487797, 2544308, 2615214, 2637031
E. REED (Defense Research Establishment Encryption Engineer??) patents: 2712652, 2836925
F.T. BARR (FUBAR??) patent: 2518270
Glenn T. Seaborg and Isadore Perlman patent: 2852336
The above patents may be confirmed or refuted through at least three patent search engines: http://www.google.com/patents, http://www.freepatentsonline.com/search.html, and http://www.pat2pdf.org/ (they all use pdf formats).
70.52.212.244 (talk) 22:09, 28 October 2009 (UTC)Gordon Jenkins, 76 chemin du Village, Luskville, QC J0X2G0 CANADA70.52.212.244 (talk) 22:09, 28 October 2009 (UTC)
- This is obviously a conspiracy theory and inappropriate for inclusion in this article. Dcoetzee 11:09, 29 October 2009 (UTC)
Wrong identification of illustration
The illustration "16th-century book-shaped French cipher machine, with arms of Henri II of France" is misidentified as a cipher machine. The Latin on the left side of the "book" says that it is for planetary orbits, which becomes quickly evident when looking at the layout and also explains the many crescent moons on the right-hand "page." clhowson (talk) 14:16, 15 February 2010 (UTC)
Radical Idea
Hi there, I know this is going to sound radical but I was wondering if there was enough to have an entire article on data encryption as it is actually quite important and I feel that it could merit its own article. Most other terms in the computing world have their own page and was just wondering what the community felt about doing the same here. Yialanliu (talk) 02:48, 17 March 2010 (UTC)
- This article should have only a mention of the application, as it's about the general field. Other articles here cover disk encryption, assorted algorithms and so on. An article on data encryption would need links to those. On the whole seems reasonable. Go ahead and be bold. Do be sure to include it in the list of crypto articles though. ww (talk) 21:33, 17 March 2010 (UTC)
- An article like Enciphering scheme? Skippydo (talk) 01:54, 18 March 2010 (UTC)
Misusing of refs
Jagged 85 (talk · contribs) is one of the main contributors to Wikipedia (over 67,000 edits; he's ranked 198 in the number of edits), and practically all of his edits have to do with Islamic science, technology and philosophy. This editor has persistently misused sources here over several years. This editor's contributions are always well provided with citations, but examination of these sources often reveals either a blatant misrepresentation of those sources or a selective interpretation, going beyond any reasonable interpretation of the authors' intent. Please see: Wikipedia:Requests for comment/Jagged 85. That's an old and archived RfC. The point is still valid though, and his contribs need to be doublechecked. The damage is so extensive that it is undermining Wikipedia's credibility as a source. I searched the History of cryptography page history, and found 13 edits by Jagged 85 (for example, see this series of edits). Tobby72 (talk) 10:13, 14 June 2010 (UTC)
- I've found (and corrected) one problematic edit. Here Jagged 85 added an assertion that Al-Kindi knew about polyalphabetic substitution ciphers. I've checked the article cited and it says no such thing. It does say that a different Arab scholar (i.e. not Al-Kindi) had the tabula recta, but that's not quite the same thing. Hut 8.5 21:58, 14 June 2010 (UTC)
Self-reference to avoid
- English is more flexible than several other languages in which cryptology (done by cryptologists) is always used in the second sense above. In the English Wikipedia the general term used for the entire field is cryptography (done by cryptographers).
What Wikipedia thinks it is. I think it is bad style, in general, to cite Wikipedia's policies in articles otherwise unrelated to Wikipedia (except in template boxes). I found it surprising in a featured article. --187.40.222.125 (talk) 02:05, 15 July 2010 (UTC)
- I tend to believe that since this article is on English Wikipedia the apparent lack of nuanced differentiation between cryptography and cryptology in some other languages is of little relevance to an article on cryptography and I propose to delete it. FrankFlanagan (talk) 22:56, 29 April 2011 (UTC)
In Our Time
The BBC programme In Our Time presented by Melvyn Bragg has an episode which may be about this subject (if not moving this note to the appropriate talk page earns cookies). You can add it to "External links" by pasting * {{In Our Time|Cryptography|p004y272}}. Rich Farmbrough, 03:12, 16 September 2010 (UTC).
Possible FAR
Concerns regarding this article's status as a featured article have been raised here. Because no prior talk page notification was made, this review has been placed on hold. However, if no response is seen or no work has been done in the next week or so, the review will go ahead. Please place any discussion here on the article talk page, rather than the FAR page, due to the holding of the review. Thank you, Dana boomer (talk) 17:32, 27 January 2011 (UTC)
I noted the temporary FAR notification. Personally, I'm not happy with seeing this up for FAR as it is generally a pretty nice article and very suitable for informing the casual reader about cryptography. I would hope for the nominator to intend working on the article or otherwise I consider the FAR nomination to be rather irresponsible. Regarding the article, it is true that there are a number of minor holes and glitches that could be fixed, throughout the text. Concerning citations, I noted that a lot of the historical stuff is from Kahn's book, so the situation is not that bad. If it comes up for FAR again I will try to work on the article as requested though I can't promise due to time constraints. Cheers and all that, Nageh (talk) 18:43, 27 January 2011 (UTC)
- The article requires inline references, the lead needs a rewrite, and the sections require cleanup. In its present state, I intend to take the article to FAR in two weeks time...though I will do my part and clean/source the article when I have time.Smallman12q (talk) 16:31, 29 January 2011 (UTC)
Proposed rewrite of Lead
I am proposing to rewrite the lead of this article essentially in the form below. I am aware that this needs polishing and more citations/references but am putting this forward as a strawman as there appears to have been little or no response to the FAR. Any and all comments would be welcome.
Obviously this implies collateral modifications to the article. Without wishing to significantly disrupt an article that has achieved FA status massively I am inclined to the view that some of the ancient history belongs in history of cryptography rather than here.
Cryptography (or cryptology; from Greek κρυπτός, kryptos, "hidden, secret"; and γράφειν, gráphin, "writing", or -λογία, -logia, "study", respectively)[1] refers to the study and use of algorithms to provide information security.
Cryptographic technology can deliver a range of functionality: confidentiality (encryption) rendering information unintelligible to all but the sender and intended recipients; data integrity a level of assurance that information has not been altered in transit or storage; authentication assurance to the recipient of information that it originated from a person or organisation; and non-repudiation rendering it difficult for a sender to claim that information was/could have been sent by anybody but the sender.
While modern cryptographic algorithms are largely the product of a specialised branch of mathematics, these algorithms are in general implemented by programmers and engineers.
Familiar applications of cryptography include wireless network security, ATM cards, computer passwords, and electronic commerce.
Prior to the advent of the digital computer, cryptography was almost synonymous with encryption, the conversion of information from a readable state to apparent nonsense. Public key cryptography, which only came to public attention in 1976 and cryptographic hash functions essentially enabled widespread use of cryptography by parties who had not previously communicated and enabled the provision of data integrity, authentication and non-repudiation verifiable by the world at large.
Modern cryptography generally adopts a rigorous design approach, designs cryptographic algorithms around computational hardness assumptions, and (outside of government algorithms) puts new proposed algorithms through a long and public peer review process. This tends to produce algorithms that, while hard to break, are not unbreakable in theory, but the level of effort to do so renders this generally infeasible. These schemes are therefore computationally secure. There exist information-theoretically secure schemes that provably cannot be broken--an example is the one-time pad--but these schemes are more difficult to implement than the theoretically breakable but computationally secure mechanisms.
- This proposed lead suffers from many problems. Text is meant to be presented in paragraphs rather than bullet points whenever possible (see Wikipedia:Manual_of_Style#Bulleted_and_numbered_lists) and I suspect breaking the text into fragments like that won't go down well at the FAR either. If you want to make substantial changes to the article it's best to do that first rather than changing the lead first, as the lead is meant to summarise the article (WP:LEAD) and it's more difficult to summarise content that hasn't been written. We could certainly do with a proper section on authentication though. Hut 8.5 13:18, 30 April 2011 (UTC)
- Many thanks for the comments, I have sought to address the stylistic issues raised above but I fully acknowledge that it is simply a strawman at this point. I will draft a section on authentication in the meantime.FrankFlanagan (talk) 16:14, 30 April 2011 (UTC)
- I have started to develop an authentication section as a userspace page User:FrankFlanagan/Authentication. This is fairly rough and incomplete at present. I am including a link both to demonstrate that some work is being done and as an invitation to anybody who would care to contribute. I am not sensitive about text so feel free to amend in-place or make comments.FrankFlanagan (talk) 09:19, 2 May 2011 (UTC)
Sorry for the delay, Frank, and thanks for your efforts. This is gonna be a somewhat quick review, still short of time. Before starting, let me restate Hut 8.5's comment that it is best to use the lead section only for summarizing the article body. Anyway, here it goes.
The proposed text has multiple issues. To start with, cryptography deals with aspects of information security but it would probably be much more accurate to say that it deals with issues in communications security (as one aspect of information security). However, modern cryptography addresses not only issues in communications/information security but also issues beyond (think of pseudo-random number generation). We could state it like that. Or we could go with one of the more modern and generalizing attempts of definition. Rivest described it somewhat along the line of "Cryptography is concerned with constructing and analyzing protocols which overcome the influence of adversaries." (need to find the sources)
Concerning cryptographic techniques, confidentiality and authentication (plus data integrity) are certainly the most important (I consider non-repudiation strictly less important). However, we should really be more encompassing. For example, "Modern cryptography addresses a vast array of issues in communications security and beyond, including secrecy, data integrity and authentication, entity authentication, authorization, certification, anonymity, secret sharing, zero-knowledge proofs, and efficient key distribution and key revocation techniques, just to name a few."
Concerning your last two paragraphs I would start with rehashing classic cryptographic concepts, like substitution and transposition ciphers, polyalphabetics, auto-key systems, codes (nomenclatures) vs. cryptosystems, use of statistical frequency analysis, the transition into the electronic age and refined mechanics, Shannon's first mathematical treatment of encryption, his proof for the one-time pad, start of the era where cryptosystems are not designed to be "unbreakable" but to be infeasible to be broken by any practical attacker, later formalized by Goldwasser and Micali, in this regard Shannon's concept of product ciphers, then following the advent of computers and an increasing number of electronic transactions the need for a secure encryption standard which led to DES, later replaced via the AES contest. Next, I would discuss the advent of public-key cryptography, which led to the invention of digital signatures and certificate-based PKI, which again allowed for important widespread practical applications such as electronic commerce over the public Internet. Next, I would summarize authentication issues in a paragraph. Then, I would summarize "modern" developments such as proof-based cryptographic systems, the connection to complexity theory, the importance of one-way functions, etc. Last, I would summarize specific applications for cryptography.
Of course, as I stated myself we can only base the lead section on the article body. Which means that there is a lot to do in writing and rewriting. I will continue with the Authentication draft on your discussion page. Nageh (talk) 20:21, 22 May 2011 (UTC)
Update the section for symmetric key cryptography for SHA-3 hash function
In the very end of the section about symmetric key cryptography, they mention hash functions and in particular they say:
Thus, a hash function design competition is underway and meant to select a new U.S. national standard, to be called SHA-3, by 2012.
However this competition is over as of October 2, 2012 and SHA-3 is officially the Keccak function. Please update (my native language is not English, so I think I shouldn't). For more information on the SHA-3, check http://wiki.riteme.site/wiki/Sha-3. — Preceding unsigned comment added by 134.117.21.173 (talk) 23:06, 6 November 2012 (UTC)
Request for comments - draft of authentication section
I have now done a first draft of an authentication section. I intended to insert it into this article but it has perhaps grown a little too much. Some feedback/copy editing would be very welcome as I probably do not feel comfortable dropping a whole new section into a featured article in the absence of some consensus. Draft is User:FrankFlanagan/Authentication. Many thanks. FrankFlanagan (talk) 11:54, 7 May 2011 (UTC)
- The proposed draft is pretty weak. Articles on cryptography should be based on published papers and well established standards and processes. This is not the case with this proposal and in fact it describes authentication methods that are known to be flawed. In particular, the first diagram describing a simple hash based authentication by encrypting the string message||hash(message) is generally not a good idea. Assume for example that CTR mode is used for the encryption and that the attacker can guess the message. Then the attacker can learn the key stream used for the encryption and substitute the ciphertext with any message chosen by the attacker. The attack is simplest when using CTR mode, but is also flawed with other encryption modes. The description of digital signatures is also not state of the art. None of the digital signature schemes I know of follows the "encrypt the hash of the message with the private key" paradigm. DSA is not even close to an encryption scheme. Using RSA encryption to generate signatures is not necessarily secure, because RSA encryption uses a padding suitable for encryption and RSA signatures use paddings suitable for signatures. Using one for the other has difficult to analyze consequences and thus must be avoided. 62.203.98.127 (talk) 13:27, 7 May 2011 (UTC)
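The weakness described in the comment above, as an added example that is not part of the original discussion or of the draft: encrypting message||hash(message) with a stream mode gives no integrity, while encrypt-then-MAC with a keyed tag does. The SHA-256-based keystream standing in for a block cipher in CTR mode, the function names and the constructed sample messages are assumptions of this example.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """CTR-style keystream. SHA-256(key || nonce || counter) stands in for the
    block cipher (assumption of this example, so it runs on the stdlib only)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Weak construction from the draft's first diagram: E(m || H(m)) ---------
def weak_seal(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    plaintext = msg + hashlib.sha256(msg).digest()
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def weak_open(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    plaintext = xor(ct, keystream(key, nonce, len(ct)))
    msg, digest = plaintext[:-32], plaintext[-32:]
    if not hmac.compare_digest(hashlib.sha256(msg).digest(), digest):
        raise ValueError("integrity check failed")
    return msg


def substitute_without_key(ct: bytes, known_msg: bytes, new_msg: bytes) -> bytes:
    """What the comment describes: the hash is unkeyed, so a party who knows
    the message can rebuild the whole plaintext, recover the keystream from
    the ciphertext, and re-encrypt a different message of the same length."""
    known_pt = known_msg + hashlib.sha256(known_msg).digest()
    new_pt = new_msg + hashlib.sha256(new_msg).digest()
    if len(new_pt) != len(ct):
        raise ValueError("replacement must have the same length")
    recovered_keystream = xor(ct, known_pt)
    return xor(new_pt, recovered_keystream)


# --- Hardened form: encrypt-then-MAC with an independent MAC key ------------
def etm_seal(enc_key: bytes, mac_key: bytes, nonce: bytes, msg: bytes) -> bytes:
    ct = xor(msg, keystream(enc_key, nonce, len(msg)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct + tag


def etm_open(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return xor(ct, keystream(enc_key, nonce, len(ct)))


def demo():
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    original = b"PAY 0100 TO ALICE"   # constructed sample message
    replaced = b"PAY 9900 TO CAROL"   # constructed, same length

    # Weak scheme: the substituted ciphertext passes the receiver's check.
    forged = substitute_without_key(
        weak_seal(enc_key, nonce, original), original, replaced)
    weak_result = weak_open(enc_key, nonce, forged)

    # Encrypt-then-MAC: the same keystream trick changes the ciphertext, but
    # the tag cannot be recomputed without mac_key, so the receiver rejects it.
    sealed = etm_seal(enc_key, mac_key, nonce, original)
    tampered = xor(sealed[:-32], xor(original, replaced)) + sealed[-32:]
    try:
        etm_open(enc_key, mac_key, nonce, tampered)
        etm_rejected = False
    except ValueError:
        etm_rejected = True
    return weak_result, etm_rejected


if __name__ == "__main__":
    print(demo())
```

In practice an authenticated encryption mode from a vetted library replaces the hand-rolled encrypt-then-MAC shown here.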
- I'm probably not the best person to review this (I've never written any featured content myself) but there are a few points:
- Needs some more references. Some paragraphs don't have any at all.
- The manual of style discourages using bold text to emphasise things (WP:MOSBOLD), italics are preferred.
- I've fixed some typos and capitalisation errors (I don't think any cryptographic systems rely on a "pubic piece of shared data"!)
- Hut 8.5 13:36, 7 May 2011 (UTC)
- Many thanks to both of you for providing very useful feedback. On reflection, in light of the fact that this is intended to fit into an overview article I did perhaps let the balance tilt too much towards simplicity. I have kept, but caveated the first diagram, tidied up the public key material, while attempting to avoid getting into ASN1 and, I think, referenced the material fairly extensively. If anybody feels like taking a further look it would be much appreciated. If it looks like the draft section will not make the standard I am tempted to move it to the main space as a separate article.FrankFlanagan (talk) 22:12, 8 May 2011 (UTC)
Prior notification: I will review both your proposals soon, probably within the next few days. Watch out :) Nageh (talk) 20:50, 10 May 2011 (UTC)
Earliest use of the word Cryptography or cognate forms
As there was a recent edit putting forward a purported earliest known use of the word cryptography, and despite the fact that it may be of more relevance in a dictionary than an encyclopedia, the earliest reference of which I am aware, albeit actually to a cognate form thereof, as cited in the OED is
1641 Wilkins Mercury ii. (1707) 8 "There are also different Ways of Secresy. 1. Cryptologia. 2. Cryptographia. 3. Semæologia."
Any earlier confirmed usage would be welcome. FrankFlanagan (talk) 07:06, 26 May 2011 (UTC)
Classical method may outperform quantum cryptography
I recently stumbled across this and it may prove to be necessary to add information regarding this subject in the future, however at present I am not sure if there is enough information to comment on it in any article yet. http://arxiv.org/abs/1206.2534 70.249.189.22 (talk) 13:43, 17 June 2012 (UTC)
- There is a wikipedia article on the Kish cypher, which might be related to the paper you mention above. 178.195.225.28 (talk) 14:46, 17 June 2012 (UTC)
Cryptography with Biometrics
Cryptography and Biometrics The procedure of cryptography comprises of key generation. The key is generated from a subject’s biometric image with the help of error-correction algorithms, which do not reveal the key, and can be saved in a tamper-resistant token such as a smart card. The reproduction of the key depends on two factors: the subject’s image and the token. The attacker has to procure both of them to compromise the key.
A number of researchers have studied the interaction between biometrics and cryptography, two potentially complementary security technologies. Biometrics is about measuring unique personal features, such as a subject’s voice, fingerprint, or iris. It has the potential to identify individuals with a high degree of assurance, thus providing a foundation for trust. Cryptography, on the other hand, concerns itself with the projection of trust: with taking trust from where it exists to where it is needed.
The main obstacle to algorithmic combination is that biometric data are noisy; only an approximate match can be expected to a stored template. Cryptography, on the other hand, requires that keys be exactly right, or protocols will fail. For that reason, previous product offerings have been based on specific hardware devices. It would be better to have a more general, protocol-level approach, combining cryptography and biometrics. Yet another consideration is privacy. Many users may be reluctant to have biometric data stored on central databases; and there may be less resistance to biometric technology if users can be credibly assured that their templates are not stored centrally (or, perhaps, at all).
How it works. Firstly (Enroll): In this step the subject enrolls a number of scanned images. It can be iris, fingerprint, voice etc. This sample is stored in the database and is used for matching and the key generation procedure.
Secondly (Key generation): The key is generated using the biometric sample which is used in cryptography.
Third (Cryptography): In this step the message is encrypted using the generated key. This process is employed before sending of the message. User side: encryption of message using key and receiver’s key. Receiver side: decryption of message using the receiver key through biometric scan.
Biometric Key Generation[2]
BKGs are generally composed of two algorithms, an enrollment algorithm (Enroll) and a key-generation algorithm (Key Gen):
• Enroll (B1, . . . , Bℓ): The enroll algorithm is a probabilistic algorithm that accepts as input a number of biometric samples (B1, . . . , Bℓ), and outputs a template (T) and a cryptographic key (K). In the event that B1, . . . , Bℓ do not meet some predetermined criteria, the enroll algorithm might output the failure symbol ⊥.
• Key Gen (B, T): The key generation algorithm accepts as input one biometric sample (B), and a template (T). The algorithm outputs either a cryptographic key (K), or the failure symbol ⊥ if B cannot be used to create a key.
The enrollment algorithm estimates the variation inherent to a particular user’s biometric reading and computes information needed to error-correct a new sample that is sufficiently close to the enrollment samples. Enroll encodes this information into a template and outputs the template and the associated key. The key-generation algorithm uses the template output by the enrollment algorithm and a new biometric sample to output a key. If the provided sample is sufficiently similar to those provided during enrollment, then Key Gen and Enroll output the same keys. Vinit2jain (talk) 17:36, 30 October 2012 (UTC)
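An added sketch of the Enroll / Key Gen pair described in the post above (not code from the post or from the cited report): it uses a fuzzy-commitment construction with a repetition code, which is an assumption of this example, as are the parameters, the function names and the constructed bit-vector samples. `None` plays the role of the failure symbol ⊥.

```python
import hashlib
import secrets

R = 5             # repetition factor: each key bit is spread over R sample bits
KEY_BITS = 16     # toy key length, so a sample is R * KEY_BITS = 80 bits
MAX_SPREAD = 0.2  # Enroll fails if a sample is further than this from consensus


def key_check(key_bits):
    """Hash stored in the template so Key Gen can tell a correct key from a
    wrong one. (It is also a check value anyone holding the template can test
    guesses against, which is why real keys must be far longer than 16 bits.)"""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def enroll(samples):
    """Enroll(B1..Bl) -> (template T, key K), or None for the failure symbol."""
    n = R * KEY_BITS
    if len(samples) < 3 or any(len(s) != n for s in samples):
        return None
    # Consensus reading: per-position majority vote over the samples.
    ref = [1 if 2 * sum(col) > len(samples) else 0 for col in zip(*samples)]
    # Predetermined criterion: every sample must be close to the consensus.
    for s in samples:
        if sum(a != b for a, b in zip(s, ref)) > MAX_SPREAD * n:
            return None
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in key for _ in range(R)]   # repetition encoding
    helper = [c ^ b for c, b in zip(codeword, ref)]     # codeword masked by ref
    return {"helper": helper, "check": key_check(key)}, key


def key_gen(sample, template):
    """KeyGen(B, T) -> key K, or None if B is too far from the enrolled data."""
    helper = template["helper"]
    if len(sample) != len(helper):
        return None
    # helper XOR sample = codeword XOR (ref XOR sample): codeword plus noise.
    noisy = [h ^ b for h, b in zip(helper, sample)]
    # Majority decode each R-bit group; corrects up to R // 2 flips per group.
    key = [1 if 2 * sum(noisy[i:i + R]) > R else 0
           for i in range(0, len(noisy), R)]
    return key if key_check(key) == template["check"] else None


def flip(bits, positions):
    """Return a copy of bits with the given positions toggled (sensor noise)."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def demo():
    # Constructed stand-in for a biometric reading; not real biometric data.
    base = [(i * 7 + i // 3) % 2 for i in range(R * KEY_BITS)]
    samples = [flip(base, [0]), flip(base, [11, 40]), flip(base, [79])]
    template, key = enroll(samples)
    close = key_gen(flip(base, [0, 1, 22, 50, 51]), template)  # <= 2 flips/group
    far = key_gen(flip(base, [0, 1, 2]), template)             # 3 flips in a group
    return key, close, far


if __name__ == "__main__":
    k, close, far = demo()
    print(close == k, far)
```

The template holds only the masked codeword and a check hash, not the reading itself, but helper data of this kind still leaks some information about the biometric.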
References
- ^ Liddell and Scott's Greek-English Lexicon. Oxford University Press. (1984)
- ^ [www.cl.cam.ac.uk/techreports/UCAM-CL-TR-640.pdf "Combining cryptography with biometrics effectively"] (PDF). University of Cambridge. 640: 17. 2005. Retrieved 25 October 2012.
First line and lead section references to "adversaries"
I think considering the weight of cryptography's current use with respect to mathematics - the study of codes or encoded messages - is closer to the heart of the meaning of the term. While codes evolved in history as a wartime tool, which lends itself to the idea that adversaries and evading detection are core of the definition, I think "cryptography" as a subject has been reclaimed by academia, culture, and modernity. Modern uses of cryptography include ssh keys, Bitcoin, barcodes and QR codes, etc. Andrevan@ 16:54, 28 November 2013 (UTC)
ZXX font
Can fonts such as Sang Mun's ZXX be mentioned in the article? They apparently can't be read by OCR software (at least not at present). See
KVDP (talk) 16:53, 16 February 2014 (UTC)
- I think that would best be mentioned over at Steganography, the Digital subsection, since the idea behind it is not to encrypt but rather to obfuscate the message in such a way that the enemy, in this case a machine, won't recognize that it even exists, yet to leave it in plain sight and easily recognized by the intended recipients, humans. 66.27.174.138 (talk) 03:55, 19 March 2014 (UTC)
Possible copyright problem
This article has been revised as part of a large-scale clean-up project of multiple article copyright infringement. (See the investigation subpage) Earlier text must not be restored, unless it can be verified to be free of infringement. For legal reasons, Wikipedia cannot accept copyrighted text or images borrowed from other web sites or printed material; such additions must be deleted. Contributors may use sources as a source of information, but not as a source of sentences or phrases. Accordingly, the material may be rewritten, but only if it does not infringe on the copyright of the original or plagiarize from that source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously. Diannaa (talk) 01:39, 21 March 2014 (UTC)
Global surveillance
This article is about Cryptography. The Global surveillance template (on the right) was added, which I replaced with a link to the Global surveillance article in the See also section. Whizz40 (talk) 13:28, 12 October 2014 (UTC)
External links modified
Hello fellow Wikipedians,
I have just added archive links to 2 external links on Cryptography. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:
- Attempted to fix sourcing for www.cacr.math.uwaterloo.ca/hac/
- Added archive https://web.archive.org/20110726214409/http://ftp.se.kde.org/pub/security/docs/ecash/crypto93.ps.gz to http://ftp.se.kde.org/pub/security/docs/ecash/crypto93.ps.gz
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—cyberbot IITalk to my owner:Online 22:53, 24 January 2016 (UTC)
Cryptology
The article is misleading to the reader in that it confuses cryptography with cryptology (and in fact it suggests that cryptanalysis is a part of cryptography). I know it's been already discussed a zillion times before through the wikipedia history, and different editors have various ideas, possibly there are even some differences in the popular American vs British usage but still it stays confusing. Can we make the distinction clear, based on strong linguistic sources rather than individual editors' opinions? Similar confusion is common in other languages, still most other wikis have this already properly handled. --Lysytalk 19:00, 24 September 2011 (UTC)
- Hence the expression "cryptographic attack" would be an oxymoron. But a quick search on Google scholar shows that the expression can be found in over 500 papers. This clearly indicates that even the experts do not always distinguish between the terms cryptography and cryptology. Wikipedia should merely state how a term is used and not try to correct rsp. redefine it. At the moment the article seems to achieve this reasonably well. 83.79.135.102 (talk) 20:25, 24 September 2011 (UTC)
David Kahn called it 'cryptology'. -- Narnia.Gate7 (talk) 00:02, 10 May 2014 (UTC)
The confusion is not a Wikipedia one, but rather usage in the wider world. This was discussed (here in archived talk) many years ago and a decision made that, for Wikipedia purposes, cryptography rather than cryptology would be used. The question is an arbitrary one, given the sloppy and non-exclusive use of the terms by others, there is no solution. Anyone claiming one is going a bridge too far, in linguistic terms. There was a similar contretemps in re the spelling of cypher (or cipher). Both were accepted for Wikipedia purposes. This is, in some phrasing in the talk then, a tempest in a teapot. — Preceding unsigned comment added by 69.118.211.137 (talk) 17:47, 24 June 2016 (UTC)
New Cipher
Please see the following link for a newly discovered cipher.
http://ctext.org/discuss.pl?if=en&board=4&thread=2610624
W. K. Choy (talk) 17:19, 30 September 2016 (UTC)
External links modified
Hello fellow Wikipedians,
I have just modified one external link on Cryptography. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20060709111152/http://www.crypto.rub.de/en_paar.html to http://www.crypto.rub.de/en_paar.html
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 14:36, 2 August 2017 (UTC)
A method used by intelligence
A method used by cyberespionage is the modular variablocks method: "variable length of encryption blocks/cryptoblocks". In this system, we don't codify a standard length of bit-quanta, instead inside the key there is a code of the pattern block-change. It is safer to use a separate key in order to select (algorithmically) a variablock pattern. All users of this encryptive method should know beforehand the algorithms of the variable bit-quanta. Also if we have 30 different sizes of bit-quanta, we need 30 different encryptional vocabularies for the translation (they can be algorithmically related; if they are not related, the system is safer, but you have to use more keys). This system has some problems though. 1. you might have to use two or more keys, 2. if your message has noise you might lose the correct pattern of bit-length-variation, you can protect your message from noise by adding one more layer of anti-noise transcription, but that makes your message longer.
If you design it carefully it works just fine, but you have to apply anti-noise encoding, otherwise you might lose track of the variable sections. Remember, variable sections means variable cryptographic dictionary. You must create great algorithms, otherwise it won't work well! It's a very old method, but great (if programmed well)!
- simple English: Hell_i|s_empty_a|nd_all_t|he|_dev|i|ls_are_|here. (6-9-8-2-4-1-7-5-etc... modular variablock section, each number of digits per section corresponds to a different cryptodictionary, even the result can be of variable block length, but you then need more keys and more anti-noise layers)
- We deliver some key components via different e-mails, some via-different telephones and some face to face at many meetings, also we deliver separately the order of usage. Lazy people deliver one finalized huge key, and everybody reads their messages.
- If you rotate the same bit-widths in exact order, infiltrators might be able to find your partition pattern or your message. The whole point is to complicate the order, but that might cause problems to the sender if (s)he's a bad programmer. If you're Japanese it always works!
- And the most important thing is that we add meaningless random digits at certain (pseudorandom-dedicated) partitions the algorithm dedicates for randomness. That also might cause some problems. If your noise is thoroughly random, the infringer might understand some bit-width partition sections. We use pseudorandom algorithms, so that the result is "natural". Do it well, or don't do it at all! It saves or betrays you!!! (we know which partitions have pseudorandom digits, and we simply delete these)
- Each bit-width corresponds to many different bit-width encoded dictionaries. This method creates huge dictionaries with many languages that have different widths for the same input. You don't have to know all the codes beforehand. Algorithms do it for you. It still remains a big-data option, but it works fine if programmed well. This system has huge hidden entropy. We never repeal the whole pattern of our systemic entropy, because we use many "cryptolanguages" and we only know how we apply each one. And that code doesn't always work. A Russian girl fucks an agent. No crypt-anal-ysis needed.
- Before we do that, we encrypt our message with other methods. Always use many layers of different methods of encryption.
"Applied Cryptography" listed at Redirects for discussion
An editor has asked for a discussion to address the redirect Applied Cryptography. Please participate in the redirect discussion if you wish to do so. LFaraone 13:52, 25 October 2019 (UTC)
Book added in bibliography bug
Hello everyone,
I added a book in the bibliography but there is a bug with the ISBN number.
Could someone tell me how to fix this problem ?
Best regards,
A history lover (talk) 15:53, 17 July 2021 (UTC)
Cryptographic Hash Functions
The article's description and categorization of cryptographic hash functions is currently incorrect. Cryptographic hash functions can be used in either symmetric or asymmetric encryption and are essentially kinds of keys. The 'symmetric' vs. 'asymmetric' distinction refers to how the keys are shared, if they're shared at all. CessnaMan1989 (talk) 17:31, 7 September 2021 (UTC)
Added sections "Applications" and "Social issues" + split request
A few weeks year ago, technically (how time flies!), I added the sections "Applications" and "Social issues" to this article per User:Nageh's feedback on the 2011 featured article review. Though I was able to add a lot of stuff to the Applications section (and I'm we're hardly getting started!), the various applications of cryptography is a vast topic (as evidenced, for example, by the sheer size of Category:Applications of cryptography) and so deserves its own article. Therefore, I propose that this section be expanded and then split into another article titled Applications of cryptography.
I also added the section "Social issues". However, I have no idea[1] what to put in it, so I left it blank. (Presumably, it should have enough stuff that it would have to be a mere summary of another article titled Social issues of cryptography, but that's another story.) I would ask Nageh himself, but, alas, it seems that he left Wikipedia in 2013[2] due to excessive wikidrama. Duckmather (talk) 18:42, 2 January 2022 (UTC)
- @Duckmather: What is in the applications section currently is a bit light for an article, I think, and does not seem not undue here. If you or someone else were to write more content in a separate article, then one could replace the content currently here with a summary of that article. Otherwise, I would say we should just keep expanding the section here and split it when it is actually too large to remain at the main article. Felix QW (talk) 19:19, 18 November 2023 (UTC)
- @Felix QW: Fine, I removed the split tag; thanks for your astute observation. Duckmather (talk) 05:36, 21 November 2023 (UTC)
Viet Nam POW code
Did you guys know about this code? If not, you set up a square that has five letters in a row, then you set up five rows on it. Then you place certain letters in it that has dual sounds in it, such as C, G, Y in it to replace certain other letters in it. Here is an example:
A B C D E
F G H I L
M N O P Q
R T U V W
X Z J K Y
From this, you tap (on an excellent sound conducting surface, like a pipe), for the letter Q, tap five times, wait for one sec., tap three times. You repeat this, only you adjust what you are doing for each letter as you spell out your words. In this one, the letter C will be used for the letter S. This was created by shot down US POWs who ended up in the Hanoi Hilton, a Viet Nam prison camp. This was in a print issue of The Readers Digest. I can't source this at this time. Some of the issues referred to what happened in Viet Nam, during the Viet Nam War, and this cipher system was in these articles. There are variations of this system, all created to confuse the Vietnamese guards.
How is pre ISBN, pre Internet, print media sourced for Wikipedia? Thanks. Wikipedia is the best. 😘🥰 Nuclear Sergeant (talk) 09:35, 15 July 2023 (UTC)
- There's an article about this at Tap code. JaggedHamster (talk) 18:53, 16 July 2023 (UTC)
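The tapping scheme described in the post above, worked through in code as an added example that is not part of the original discussion. It assumes the 25 letters in the post fill the square row by row, and that the first tap count is the column and the second is the row, which is the only reading that matches the post's Q example (five taps, pause, three taps); the function names are hypothetical.

```python
# Grid as given in the post, read as five rows of five letters (assumption:
# the flat letter list fills the square row by row).
GRID = ["ABCDE", "FGHIL", "MNOPQ", "RTUVW", "XZJKY"]

# The grid has no S; the post says C is used in its place.
SUBSTITUTE = {"S": "C"}

# letter -> (row, column), both counted from 1
POSITION = {ch: (r + 1, c + 1)
            for r, row in enumerate(GRID)
            for c, ch in enumerate(row)}


def encode(text):
    """Turn text into (first_taps, second_taps) pairs, one pair per letter.

    Assumption: column count is tapped first, then row count, because the
    post encodes Q (row 3, column 5 of this grid) as five taps then three.
    """
    pairs = []
    for ch in text.upper():
        ch = SUBSTITUTE.get(ch, ch)
        if ch not in POSITION:
            continue  # spaces, digits and punctuation have no cell
        row, col = POSITION[ch]
        pairs.append((col, row))
    return pairs


def decode(pairs):
    """Map tap pairs back to letters; miscounted taps raise ValueError."""
    letters = []
    for first, second in pairs:
        if not (1 <= first <= 5 and 1 <= second <= 5):
            raise ValueError(f"tap counts out of range: {(first, second)}")
        letters.append(GRID[second - 1][first - 1])
    return "".join(letters)


def render(pairs):
    """Show each letter as two groups of dots separated by a short pause."""
    return "  ".join("." * a + " " + "." * b for a, b in pairs)


if __name__ == "__main__":
    message = "guards"  # constructed sample input
    taps = encode(message)
    print(render(taps))
    print(decode(taps))  # S comes back as C: the substitution is lossy
```

Decoding cannot tell an original C from a substituted S, so the receiver resolves that from context.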
Security lines
Do we have to have a working phone to do this? Is it all done through the network as long as you have a Wi-Fi network or some sort to use it? And what is the encryption technology, 256 or what? 71.219.144.28 (talk) 19:27, 29 September 2023 (UTC)
Wiki Education assignment: INFO 505 - Foundations of Information Science
This article was the subject of a Wiki Education Foundation-supported course assignment, between 22 August 2023 and 11 December 2023. Further details are available on the course page. Student editor(s): Mayoosan (article contribs). Peer reviewers: Chillimune.
— Assignment last updated by Chillimune (talk) 01:58, 12 December 2023 (UTC)
- ^ Because I am That Kind of Person™, I asked GPT-J (on default creativity settings) to imagine the contents of the (as of now hypothetical) Wikipedia article titled Social issues of cryptography. In response, I got an essay with a brilliant lead sentence ("The social issues of cryptography are the study of cryptographic technology and its interactions with society.") but which then degrades into an inane discussion of public policy and various applications of cryptography (it starts going into a tangent about electronic voting, which is where I cut generation off). I tried this several times with different models and creativity settings and got similar results each time. Absolutely useless. [original research]
- ^ At least, in the featured article review, User:Tijfo098 refers to Nageh with male pronouns.