Pure Python Data Mangling or Encrypting
Paul Rubin
no.email at nospam.invalid
Sat Jun 27 13:45:30 EDT 2015
Michael Torrie <torriem at gmail.com> writes:
> Furthermore you cannot prove a negative, which is what proving
> security is for anything but the trivial case. Are you saying this is
> untrue?
I've always thought that there are no two even numbers that when you add
them together, give you an odd number. Are you saying that statement
can't be proven?
> But how does one prove a system is secure except by enumerating attack
> vectors
In the case of encryption, you do a reduction proof to a recognized
primitive like AES. That is, you show that if your system is breakable,
you can transform the break into a break against AES itself. That's the
best you can do at the moment, because the open status of the P!=NP
problem means that no one knows how to prove that any primitive (such as
AES) is secure. The reduction proof means that the evidence for AES's
security also applies to your system.
Of course that's just for the cipher itself. For the entire surrounding
software/hardware/process system which is mostly not mathematical,
you're right, there's no way to (mathematically) prove security or even
to define it.
More information about the Python-list
mailing list