Cryptography (was Re: How to protect python code ?)

[A.M. Kuchling]

On Mon, 14 Apr 2003 14:23:03 +0100, 
	Richard Brodie <R.Brodie at rl.ac.uk> wrote:
> In general, yes. Whether experts working in classified establishments can't
> do better than the public state of the art is much harder to quantify.
> Consider the history of PKCS, for example.

To expand on this, someone working for the UK's GCHQ invented the idea of
public-key cryptography in 1973 but couldn't publish it; some of his
co-workers soon invented actual algorithms for implementing it, including
the one now called RSA.  Diffie and Hellman independently invented the idea
and published it in 1977.  (See Steven Levy's book _Crypto_ for a readable 
discussion of this history.)

I doubt that government establishments such as the NSA or GCHQ are miles
ahead of the public sector, though.  Note that the public invention of
public-key was only four years behind its classified invention.  In 1998
three cryptographers found an attack against a version of NSA-designed
Skipjack algorithm that used one fewer round of scrambling; it's unlikely
the NSA knew about this technique, or the cipher would have had more rounds.  

Classified establishments certainly have more money to spend, so I expect
they have big computers and custom-designed chips for trying keys, but I
doubt they have a super factoring algorithm or powerful attacks against 
block ciphers.

--amk                                                    (www.amk.ca)
FLUTE: Nay, faith, let me not play a woman; I have a beard coming.
      -- _A Midsummer Night's Dream_, I, ii