austin...@hotmail.com wrote:
> On Friday, December 19, 2014 3:32:15 PM UTC, Prof Craver wrote:
>> Hi,
>>
>> Can you post a link to the program you used to generate this ciphertext?
>>
>> It won't be practical for anyone to respond to a decryption challenge
>> unless it is absolutely unambiguous what algorithm was used, preferably
>> by providing source code.
>>
>> --S
>
> The details are known to one person in another group - I have offered the
> program source code to him.
So what you're saying is that you don't subscribe to Kerckhoffs's Principle?
You appear to be attempting to demonstrate that your cryptosystem is secure
by posting a ciphertext-only challenge, saying only that you have lodged the
plaintext with someone you won't name.
> there are three possible outcomes to my challenge
> 1) MM successfully brute forces my test piece and I accede to that.
Conclusion: cryptosystem broken.
> 2) MM does not successfully brute force my test piece and he accedes to
> having failed.
Conclusion: cryptosystem is probably broken. Proof: cryptosystem's champion
will not provide the mechanism (the source code for the program), and has
provided only one very short ciphertext, whereas a truly robust cryptosystem
will withstand not only publication of the source code but also all manner
of attacks.
> 3) MM says the test was rigged and it's impossible for him
> or indeed anybody to cryptanalyse the sample of ciphertext.
Conclusion: cryptosystem is probably broken (see above).
>
> This latter is the most likely result
>
> I hope that answers the question of why send the decrypted message to the
> trusted third party - it proves that it is bona fide and that it can be
> decrypted.
No, it doesn't prove that at all. It just proves that you claim you've sent
a message, *twice*, to someone you won't name (or two different messages, in
which case your cryptosystem is broken because a cryptosystem is supposed to
restore the original data).
> This is a repeat of his last attempt at bluffing his way some years ago -
> he's even using the same jargon - 'rigged test' is one of his favourite
> cants!!!
Well, prove him wrong! Here's how you do that:
1) publish the source code - it should be well-written, idiomatic code
without any attempt at obfuscation;
2) encrypt at least ten messages, each consisting of at least 10KB of
English prose;
3) provide at least 100 consecutive bytes of known plaintext for each
message, clearly identifying which plaintext is contained in which message
(this makes checking a lot easier - it doesn't have to be the /first/ 100
bytes, if that makes you any happier).
That would, I think, be a fair test. A good cryptosystem ought to be able to
resist attack under those conditions without any problems whatsoever.
Would Mr Murray agree with that?
>
> A chunk of money - how revolting can you get in a case like this. It's all
> escapism.
How about if Mr Murray were to guarantee to donate the money to charity?
Would that satisfy you?
>
> This is exactly what I expected and is why I chose to lodge documentary
> evidence with a trusted third party.
Trusted by whom?