% fortune -ae paul murphy

What 2.484564472E24 means for internet security

There are, it seems to me, only three kinds of cryptology systems known:

  1. there are the magic hand wave methods - like DES - which attempt to disguise the information content of the encoded message by combining information hiding (typically via some form of transposition) with information spreading (typically trying to make the probability that the next bit in the message is a 1 as close to 0.5 as possible).

    These methods originated in Homer's day - right along with the rules for breaking them. As a result they're the least secure of the publicly known methods - and, in fact, I've long thought that they can all be bypassed using the same approach: figure out where the message you have would be in an index produced by encoding all possible messages of some fixed length (chosen as an integer multiple of expected key length) according to all possible keys - then work backwards.

  2. the second kind consists of those constructed on the assumption that one-way functions (e.g. it's easy to multiply two prime numbers, but hard to factor the result) actually exist. Public key cryptology is based on this and is currently considered reasonably secure - because no one has announced either a contrary breakthrough in the mathematics or a computer fast enough to make the direct attack practical in near real time.

    Notice that the current process, in which faster computers beget disproportionally longer keys, is ultimately self-limiting for the "near term" reason that errors are proportional to message length and the possible (but not proven) longer term reason that some combinatorial factoring strategies now considered impractical produce sub-linear growth in memory requirements and operations as key size increases.

    (But, FYI, "near term" means growth from hundreds of bits to millions, and current processors would, on average, take more than the expected lifetime of the universe to factor a 1,000 digit product of two primes by one of today's combinatorial methods.)

  3. the third type is natural language - and it's both the hardest to crack and the least understood of the three.

    This is true because there is no known mathematical basis or formal recipe for this sentence.

    Absent external clues, natural languages are not generally susceptible to any known decoding strategy other than those which start with a "Rosetta phrase" - the same message in a language we know and in the one we don't.

What makes all this stuff interesting today, however, is that all forms of the same message, whether massaged by sleight of character, provable transform, or whatever mechanism in the human brain generates language, contain the same information - and major breakthroughs in natural language analysis should therefore spell the end of cryptology.

Why? Because a Star Trek style universal translator would presumably take more than one input to hear 2.484564472E24 as "hello World", but would set aside all present efforts to use cryptology as a privacy barrier - making everything on the internet as presently structured directly available to anyone with the software.

Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.