Pure Python Data Mangling or Encrypting
Michael Torrie
torriem at gmail.com
Sat Jun 27 14:34:39 EDT 2015
On Jun 27, 2015 11:51 AM, "Paul Rubin" <no.email at nospam.invalid> wrote:
>
> Michael Torrie <torriem at gmail.com> writes:
> > Furthermore you cannot prove a negative, which is what proving
> > security is for anything but the trivial case. Are you saying this is
> > untrue?
>
> I've always thought that there are no two even numbers that when you add
> them together, give you an odd number. Are you saying that statement
> can't be proven?
>
> > But how does one prove a system is secure except by enumerating attack
> > vectors
>
> In the case of encryption, you do a reduction proof to a recognized
> primitive like AES. That is, you show that if your system is breakable,
> you can transform the break into a break against AES itself. That's the
> best you can do at the moment, because the open status of the P!=NP
> problem means that no one knows how to prove that any primitive (such as
> AES) is secure. The reduction proof means that the evidence for AES's
> security also applies to your system.
>
> Of course that's just for the cipher itself. For the entire surrounding
> software/hardware/process system which is mostly not mathematical,
> you're right, there's no way to (mathematically) prove security or even
> to define it.
Ahh okay. So what he's referring to must be such reductions and proofs of
these provable aspects, though he spoke very broadly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20150627/bb45e011/attachment.html>
More information about the Python-list
mailing list