Talk:Cryptography/Archive 1

From Wikipedia, the free encyclopedia

misc issues

Could someone confirm (or change) the date for the publication of AES as a FIPS. It's either 26 November 2001 (as the AES entry states) or 4 December 2001 (when the press release was made).

FIPS 197 shows that the 26 November 2001 date is correct. This date appears both on the page listing it, and inside the document itself. -- Cyrius 03:48, 27 Feb 2004 (UTC)

Why such a spooky number like 2056 bits? Shouldn't it be 2048? The Formula for Coke secret was a hoax (see the urban legends site), so it's not a very good example. --Taw

After some web research (specifically, discussions on sci.crypt) it seems probable that the Iraqi Block Cipher is a hoax. Given that it was added by an IP who went on to make another minor incorrect edit to Ricin I'd say this is intentionally misleading info.

On the other hand, there is actually source for it and you could use it as a cipher - it's the consensus of analysis that it's insecure however. So, perhaps it deserves an actual entry saying as much rather than removing it from the list.

Or maybe we start a new list: ciphers of unknown provenance.


Jeremy -- a 'ciphers of unknown provenance' article is likely to be a tarpit. It would perhaps be better to simply tout folks away from non-publicly known and non-publicly analyzed algorithms, including cyphers.

Taw -- The use of 'formula for coke' is conventional, like the use of 'foo' and 'bar' as meta syntactic variables in programming discussions. The reason for this is that the actual formula for Coke is indeed a secret, known only to a few people at Coke in Atlanta, Georgia, USA. I can't explain why 'the formula for Pepsi' (which may also be secret for all I know) isn't used the same way. I don't like either and would prefer to use 'the formula for Squirt' as the example secret to be protected in security discussions, but not many share my taste in carbonated beverages. Perhaps that helped some?


'we might abate the strange CRYPTOGRAPHY of Gaffarel....' -- 1st usage/coinage in the English language: Sir Thomas Browne, 'The Garden of Cyrus', Chapter 3, 1658. User:Norwikian

"Cypher" vs "Cipher"

The "cypher" spelling is rarely used, and is pretty much absent in contemporary technical cryptographic writing. Prefer "cipher"?

Special:Contributions/ 00:27, 13 Oct 2003 (UTC)

All of my cryptography books use 'cypher'. Perhaps this is a difference in spelling between you former colonials and the rest of the world? :-)
James F. 22:29, 16 Oct 2003 (UTC)
If so, cite references..!
Schneier, Applied Cryptography -- uses the word cipher.
Special:UserContributions/ 07:14, 17 Oct 2003 (UTC)

Other books which spell it "cipher":

  • "Handbook of Applied Cryptography" -- Menezes, Oorschot, Vanstone
  • "The Codebreakers" -- David Kahn
  • "Cryptanalysis" -- Helen Fouché Gaines
  • "Cryptography and Network Security" -- William Stallings

Plus the proceedings of the cryptographic research conferences (CRYPTO, EUROCRYPT, etc)

Who doesn't spell it "cipher"?

-- anon

anon - Some large percentage of English speakers don't -- they use, or sometimes use, cypher instead. Some authorial names in the field include Cypher. I don't, usually. And the original use of the word in English, in the 1600's, was 'cypher'. There are similar spelling issues with many words which have changed spelling since their first use, or which have changed spelling -- only in a part of the English speaking world -- from a well established one earlier. In the particular case of the American variant of English, much of the difference in spelling between British English and American English appears to have been due to political motives on the part of Noah Webster, the most influential of the early American dictionary makers. His policy was to use spelling (and changes in spelling) to differentiate between British imperialistic practice, and virtuous ex-Colonial practice. It was a sort of political correctness of its time. Too bad he didn't go farther and adjust the spelling to match pronunciation.

For the moment, I'll stick with 'cypher'.


Everyone has now settled on "cipher", surely?

ww - which authorial names are these? Every author I can get my hands on, both from the UK and the US, spells it "cipher". "Cypher" may have been used since the 1600s, but it certainly isn't the dominant spelling today. I'm a crypto researcher in the UK and everyone here spells it "cipher". A similar case is "computer program", which is historically "computer programme" in British English, but everyone has standardised on "computer program" now. "Cypher" is reminiscent of hacker leet-speak...

I agree - cipher is the common modern spelling, some people do spell it cypher but they are in a minority.
For the count, none of the crypto books I have uses cypher; in addition to the above-mentioned, Ross Anderson's Security Engineering, Douglas Stinson's Cryptography: T&P, and Nigel Smart's Intro to Cryptography all use cipher.
Historically "cipher" takes precedence as well, with Gardiner (1528), Fleming (1587) and Bacon (1605) all favouring it over "cypher".--Imran 16:13, 3 Dec 2003 (UTC)

removal of cipher/cypher observations from article text

Moved from main page:

There is also some tension between fans of two spellings of cypher (the alternate is cipher). Much of the world uses cypher; American writers seem to prefer cipher. The cypher spelling has historical pride of place in English, having been first used in Elizabethan times.

See above discussion, please provide evidence before reinstating it to the main article. Thanks --Imran 01:34, 4 Dec 2003 (UTC)

Ahem. The text itself also includes, or at least included:
This and related articles in the Wikipedia are sporadically revised by those with strong opinions on the spelling question.
... which was much of the thrust of my removal; whether or not you or I think it is 'correct' to use one form or the other, disregarding comment as to their usage seems to me to be, at best, somewhat incongruous with the way that much of the rest of the Wikipedia has been written. Apart from anything else, to use the (personally reviled) 'Google test' indicates a 2:1 showing in favour of the deprecation of the 'y' in favour of the 'i', which is far too close a match to fail to mention, IMHO.
As for 'proof', all lecture series that I have attended as to the subject use the traditional spelling of the word. But widespread usage is obviously not a high enough standard of evidence in this court; I apologise so very deeply for this.
Obviously, I won't revert the reversion of the removal, for fear of precipitating an edit war, but I really do think that the comment should be kept in the article.

~ James F. (talk) 03:42, 4 Dec 2003 (UTC)

I don't follow a prescriptive school of thought when it comes to spelling, but in this case while I accept that cypher is used, cipher is by far the most mainstream spelling both in academia and in popular usage.
As for the google test the results are being skewed by both cipher/cypher being used outside of crypto. Searching for cipher/cypher+cryptography reveals a ratio of 15:1. Searching CiteSeer reveals cipher is almost universal.
On the traditional note as I pointed out above cipher was the original spelling, with cypher becoming a popular variant in the late 18th/early 19th century.
I've attended a number of seminars & lectures on crypto presented by people from the crypto research groups of Cambridge/Bristol/Royal Holloway/etc and I don't recall ever seeing cypher used over cipher. If you could give some details who the lectures were given by or which books use it, it might help pinpoint if it is a regional variant. --Imran 05:12, 4 Dec 2003 (UTC)
Lectures at the University of Warwick, both by a Russian and a Briton. The books recommended, however, nearly all used the 'i' spelling variant.
My point is that the history of the word might be worth putting in, not that a systematic purge should be made to convert all of the spellings from one variant t'other.
James F. (talk) 07:34, 4 Dec 2003 (UTC)

I agree with Jdforrester in his comment above. It is clear that by now the majority of writers employ cipher, but some still use cypher. Noting the spelling variation is a grace note in the article and harmless. It is also perhaps less than harmless in that some readers may see the spelling variation as meaning something obscure to them. They are unlikely to see such an obscure meaning in such variations as color and colour, hue difference being a (mostly) non-technical common experience. There is little common sensical about crypto and those new to it deserve, in my view, as much help as they can be given. I think the original comment about spelling (with the warning about revisions) should be reinstated. A bit of humor (or humour) should not be unwelcome either.


What do people think about standardizing this page to cipher (as at the moment it's a mixture of cipher/cypher), and adding a note about alternative spelling to cipher ? --Imran 23:37, 4 Dec 2003 (UTC)

Imran -- I've just noticed your citation of some 16th cent spellings of cipher in English. Sorry it took me so long. My impression had been that the first use was cypher and was by Wilkins (?) late in the 16th or early 17th cent. With antique citations for both spellings, perhaps we should all concede that there was no definitive spelling early on (in fact the Elizabethans seem to have spelled everything several ways), and likewise concede that there are currently two usages, one more common than the other.

It's still funny, and not over important -- except for possible confusion in newcomers. Remember Winston Churchill's comment that the US and UK are two great nations separated by a common language. In this case the separation seems to be spelling. GBS would have condemned both sides I suspect. Recall his spelling of fish as ghoti, according to common usage precedents. I think he was basically right, but we're stuck with it all.


I think I've tracked down an explanation of why some people might be using cYpher: the UK's WW2 cryptoresearch organization was called the "Government Code and Cypher School", which has resulted in people talking about the "Enigma cypher", hence slightly popularizing the more uncommon spelling. --Imran 20:24, 9 Dec 2003 (UTC)


The Royal Navy also used that spelling during the Interwar period (and probably earlier, I suppose) in official naming. Royal Navy codes (some of them superencrypted) were termed Cyphers. And a mistake during a Middle Eastern exercise in the '30s gave German cryptanalysts a very large leg up in their efforts against Royal Navy crypto.

It's still amusing, and worth noting as a grace note in the article.


again, cypher v cipher (elsewhere, these times)

The cypher vs cipher question has arisen again. See an exchange of notes in User_Talk:SpellBott for the details.

And yet again. See Talk:Lorenz cypher for the details. Even more strongly felt this time. ww 20:33, 18 Apr 2004 (UTC)

And yet again again. See User_talk:Wmahan/Articles_with_common_misspellings#Cipher_v_cypher ww 17:33, 11 May 2004 (UTC)

To reiterate, it's happened yet another time. See User_talk:Fredrik at '..cypher.. vs. ..cipher..' ww 18:38, 24 May 2004 (UTC)

Still more, evoked by above, it seems at Wikipedia:WikiProject_Cryptography/Cipher_vs_Cypher. This is the most formal, and ambitious, treatment yet. Comment was invited at the Village Pump at Spelling question: cypher v cipher. ww 20:42, 25 May 2004 (UTC)

informal language bad

I have undertaken to regularize and simplify some of the language in the first portion of this article. In particular, I have removed the words "garble" and "gobbledygook" from the first paragraph. Though these are somewhat valid descriptions, they gave the article a hokey feel, as did the later use of "marketing blather", etc. If anyone disagrees with me on these points, please feel free to change it back. Or better yet, explain why you intend to change it back, then do so. Dachshund 18:50, 11 Jan 2004 (UTC)


Sorry to offend by sounding 'hokey'. The terms were mine. In hindsight, blather may have been unfair to advertising folks, though I still tend to think it's over generous.

On the choice of garble and gobbledygook, the intent was to stress, without going into it quite, that cyphertext should be indistinguishable from random noise -- as a technical goal -- and, save for such considerations as pronounceability or vowel inclusion in such things as cable codes, codetext should do the same. Both are honorable members of the English lexicon, though perhaps without as much posh as some might prefer. I also thought they had the additional virtue of adding a touch of informality to a topic that too often disappears into a fog of abstraction.

Perhaps this will help?


booklists belong elsewhere


I applaud your motives in shortening an article which is somewhat lengthy by identifying chunks which could be put under another rubric and deleting them. However, in this case, I think your zeal has been misapplied.

The book list (at least the original one appended to the note of warning) was specifically (1) brief, (2) chosen from amongst well written books (3) chosen from amongst reliable ones and (4) annotated specifically for the purpose of guiding article readers (assumed to be non crypto sophisticates) in a responsible way into the field.

As such, it was not a general book list, which is what I fear you assumed. Your decamp to another article has done violence to the specific purposes for which the list was assembled and annotated. I suggest it be returned, and invite comment from others on this point.


While I agree with the criteria/purpose of the list on this page, I think it was getting too long and getting longer. An alternative idea might be to cover a couple of mainstream crypto books on this page (say Applied Cryptography and the Simon Singh book) and refer readers to Books on cryptography for the longer list (which should include annotations giving a clear guide to technicality, accuracy, audience, etc. of the books). --Imran 02:57, 14 Feb 2004 (UTC)
I agree that the list was getting too long, and had acquired some not very distinctive items. I think the solution to that problem would have been to prune it some, sending the pruned items, perhaps, to another books page, rather than deleting the entire list. This article is what I would call an article of first reference, and it would be reasonable for many readers of such an article to list a few good references, with annotations. Just as you agree seems reasonable. That was the reason for the list as annotated, which was mostly my work. I included a full bore mathematical treatment, with warnings; a sort of technical treatment, again with warnings; an historical book; and an easy but responsible introduction. That seemed to me to be a reasonable selection in such an article. How to maintain it as such w/o edit wars was a question. And to further serve the reader of a first resort article, I wrote the general warning intro.
So, how to do the reasonable thing? I invite suggestions.

when and whither frequency analysis?

On the topic of frequency analysis, I recently read that a manuscript was found in the early nineties which dated from c. 750 AD which described the application of statistics in cryptanalysis. It gave a reference of a paper in Cryptologia,

al-Kadi, Ibrahim A., Origins of Cryptology: The Arab Contributions, Cryptologia, Vol XVI, No. 2, April 1992, pp 97-127.

Unfortunately my university library doesn't have the 1992 volume of Cryptologia, so could someone who has access to it look up the details and include them in the article. --Imran 14:16, 16 Feb 2004 (UTC)

Imran, My understanding was that no one knew when frequency analysis was invented nor by whom, but that it was known to have been in use by about 1000CE. I'll try to chase down the Cryptologia reference (in my copious spare time) and get back. No guarantees, though.
I wonder where the 1000CE figure came from; I've seen it mentioned (unsourced) in a number of books. However Kahn's Codebreakers only refers to it existing around the fourteenth century; he specifically mentions a book, "Kitab al-mu'amma" written by Al-Khalil in the eighth century in which a Greek cryptogram was broken without frequency analysis (the author used trial and error to guess the opening sentence), using it as evidence that frequency analysis wasn't invented (or at least well known) at that time.--Imran 17:22, 17 Feb 2004 (UTC)

cryptology duplicates cryptography? a merge proposal

We seem to have some duplication between this article and Cryptology, anyone have any opinions what we should do about it ? --Imran 18:17, 21 Feb 2004 (UTC)

Hadn't noticed that until you pointed to it. There isn't much reason to have both; I would retain cryptography and change cryptology to a redirect. As to content, cryptology is essentially a subset of cryptography, and in my view not as well structured as cryptography as an article of first resort (see comments somewhere above for this). Perhaps it would be worthwhile to locate the non-subset items and transfer them to cryptography?
While arrangements are being reconsidered, we might also think about changing 'list of topics in cryptology' to 'cryptography glossary' or some such, and keeping it up to date as changes are made. It would be useful for readers, I think, though not a substitute for contextual overviews, of course.
Comments? Other suggestions? Anyone?
Yup, cryptology should be merged. I noticed it a few days back, made a mental note to merge and forgot about it.
'Cryptography glossary' sounds like a good idea. However, I'm not sure if it can replace List of cryptology topics. We wouldn't want glossary entries for people, for example.
-- Arvindn 16:29, 26 Feb 2004 (UTC)
While prowling around, I finally noticed that 'List of xxx' has special meaning (within MediaWiki?) as a special sort of WP page. So the idea to call that page a 'Cryptography glossary' appears to be a sort of non starter. However, it should certainly be called 'list of cryptography' rather than '... cryptology', but this raises a collision of sorts with the 'Topics in Cryptography' article which has now acquired something of a life on its own as an 'analytic glossary' if such a term there be. I still favor a 'crypto glossary' (but now perhaps as a pointer to the 'List of ...' page since the name stands).
As for the no glossary entry for people, well... There might be Shannon entropy, or Shannon's Maxim, or Kerckhoffs' Law, or Caesar's cypher, or ... What could be done about them? And there should surely be an entry pointing to 'List of Cryptographers'!
On aspects of the proposed merge. *1*) the ...aphy article now takes the position that cryptography is a large topic (w/ organizational, policy, training, motivation, threat context, computer system architectural and management, resource allocation, ... aspects) not limited to engineering considerations. Doesn't cover it well, but no reader should be able to go away without some inoculation that there's more than getting the code to compile correctly. This should be retained, for it reflects a quite real though less than commonly/adequately stressed perspective valuable to users and deployers and critical to successful crypto operation, *2*) the ...ology discussion re: science v art v engineering is philosophically interesting (once) but doesn't belong in an article of first resort like the instant one, *3*) some of the content might belong in a 'cryptographic engineering' article which would I think start at a more technical level and talk about Shannon entropy and such (in fact, now that I've explicitly considered it, I explicitly/strongly favor it), *4*) the para in ..ology about crypto systems should end up in an article on crypto systems which would have a design/architectural perspective. I am planning one such (an empty link has existed for a few weeks), but would not object to assistance. There is already brief coverage of the significance of system in the ...aphy article, though too brief as it stands for an article of first reference. Perhaps two more well crafted sentences???...., *5*) ...ology talks about vulnerabilities briefly (and not over well I fear) and ...aphy doesn't enough. Choosing, deploying, using crypto (all the sorts of thing a reader of an article of first resort will often be thinking about) REQUIRE some thought about threat and the balance between crypto quality (many metrics here) and possible threats (very hard to convey that 'your idea of who might be interested' is inadequate as a threat profile. Related to characteristic/universal human failure to evaluate risk correctly as per Kahneman/Tversky and cognitive economics?). This rubric should at least be present (certainly not in very much detail, but in definiteness/clarity of statement so readers don't mislead themselves in a very common way) in an article of first resort. I've long thought there should be an article something along the lines of 'cryptanalytic engineering' or 'threat analysis' which would provide some structure (but not the technical detail!!) for thinking about such things. Haven't written one because other stuff is easier, I suppose.
Enough, this is too long.

Special meaning? I wasn't aware of any?! In case you mean related changes, that's not specific to 'list of xxx', just applied to those articles by convention. Is there some other special meaning?
Why not just extend Topics in cryptography into a glossary? We don't want 3 lists on the same subject!
-- Arvindn 18:18, 26 Feb 2004 (UTC)

Splitting off History of Cryptography

Cryptography has got one of the most interesting histories of any academic subject I can think of. The cryptography page has a lot of good detail on this history, and it's interesting to read. However, I think there's so much detail that it clouds the article's presentation of the subject as a whole. We shouldn't try to curtail the detail, because it's interesting, hence I suggest we split off the details into a "History of cryptography" article.

Of course, we should still provide a concise (albeit less colourful) overview on the main page. In addition, a lot of the history introduces key crypto topics and concepts, which would need to be untangled.

What do you reckon?

Matt 18:06, 11 Mar 2004 (UTC)

I reckon too much has been removed. With the material removed has gone any account of the difference between traditional crypto (ie pre 76) and modern crypto (ie, post 76). This is too important not to have in an article of first resort as this one is. I agree that a history of crypto article would be well, but the urge to subdivide and expand leaves no starting point -- a necessary thing for many readers.
What do you reckon?

Yes, the article definitely needs a history section; I think this would best be something other than a "reader's digest" of the old history material, though. Matt 03:25, 12 Mar 2004 (UTC)

Too much elided

As the article stands at this writing, it is essentially a stub. The reader will not learn (except by following pointers) of the significance of recent (25-30 years) developments in cryptography. The reader will also have not even the briefest sense of the history.

The reader of this article is, almost by definition (in fact, by definition) looking for an introduction and an overview. It certainly should not be a hardcore introduction to the mathematics of information theory or logarithms in a finite field. Or even factoring theory and practice.

The reader of this 'first resort' article now will find only an admirably brief -- but nearly actual content free -- article. I believe, strongly, that this is inadequate. Too much mathematics is wrong for such an article, and too much refer 'em elsewhere is also wrong. We should not be writing articles (at least at this level) whose purpose is to direct readers to more complete coverage of assorted subtopics. Readers deserve an adequate overview (brief of course) and after that overview, the choice to move on to more complete coverage as directed by newly acquired perspective. As things stand at this writing, readers will have not the vaguest sense of what public key algorithms are nor why they're important. They will have to guess, jump to the link, and perhaps get more than they bargained for (or less -- without the context which is the point of an introductory summary to provide).

The changes in the last few days have decreased the quality and usefulness of this article. They should be corrected.

Comments from others? From Matt Crypto in particular?

ww 22:55, 11 Mar 2004 (UTC)

Yes, the article should be (urgently) improved. I think the detailed history needed to be excised; it is too much to keep in the main article, but it would be difficult to strip it down without losing a lot of the interesting stuff. I strongly agree that the article needs much reworking without it. There is a sense that readers have a less useful article (for a brief time, I hope), but only in the sense that they have to click on a link to get to part of the old content. Other points; yes, steer clear of technical and maths stuff in this article. Agreed that a description of public key vs symmetric key, etc are needed. I certainly agree that the page needs to be a concise overview of crypto (incl. most definitely history), yet linking to more in-depth articles as appropriate.
(Sorry I didn't reply earlier, I lost connectivity for a while right after I split off the history section.) Matt 03:25, 12 Mar 2004 (UTC)

Matt wants to elide more!

Sorry... A suggested new schema for the article: Suggested. A lot of the article would be pruned; currently, there is a lot in the article that is pragmatic advice/warnings etc. which I think would be better elaborated in the Crypto Engineering / Cryptosystems articles. Matt 06:52, 12 Mar 2004 (UTC)

I agree that the warnings are more relevant in a cryptosystem article. Not so sure about separating the history. What better way to introduce a technical subject to the nontechnical reader than present it in the order in which it was discovered? -- Arvindn 07:30, 12 Mar 2004 (UTC)

The problem for me with a historical presentation order is that today's cryptography makes most of early cryptography largely irrelevant (although interesting). Some readers would be interested in a historical development, but anyone reading to find out primarily "Where are we?", rather than "How did we get here?" would have to read a lot of extra material. In addition, I think crypto is a multi-faceted topic, very much a loose federation of different strands. To take a historical approach hides a clear presentation of those facets; I think it would be better to make detailed history optional, and instead have the article take a brief(ish) tour around the various topics. Matt 08:03, 12 Mar 2004 (UTC)

Matt, In an article of first resort such as this is, it is not desirable in my view to so truncate the "obscure stuff" that the reader acquires no context within which to understand the significance of the subject. Authors are (if they are to do their work well) obliged to take into account the reader for whom they are writing.
Your suggested schema strips away just that context. I think your goal is to remove 'irrelevance' and that's a Good Thing, but the fundamental problem is that one reader's irrelevance is another's vital context. The goal I have been trying to nudge this article toward for quite a while is 'enough information to provide context to the reader' while 'not much detail on any particular point'. Thus far, I think you would agree. Implementing this policy has clearly provoked disagreement, and is thus harder. The amount of historic detail was almost nil (about 2 paragraphs, with no explanation in detail of anything, but some mention of context, consequence, and significance), and the rest of what you have excised was designed to provide enough context (regrettably it's necessarily technical, though not much) to understand the significance of the developments which have produced modern crypto. Your elisions have removed essentially all of that context. It is inevitable that a fact is useless without the context within which to make sense of it, and something with which we must cope. Thus, to say (entirely accurately) that "asymmetric algorithms are very important" is to simply miss the point. The reader cannot understand even a little of the significance of this without some sense of what an asymmetric algorithm is, how it is that it differs from other algorithms, and what difference that has made (and makes) to actual cryptographic practice.
As for 'pragmatic warnings', well... The entire point of crypto (sine qua non) is security (in one dimension or another) and that depends wholly on the balance between implementation/use/design and the resources/knowledge of The Opposition. Since crypto implementation/use/design is essentially opaque to all but experts, and the resources/knowledge of The Opposition is inherently unknown, any user/observer of crypto is in a serious bind. No observation of the black box behavior of his crypto system will help (eg, for encryption any observable non randomness is evidence definitive of incompetent crypto, but absence of observable non randomness is no positive sign of quality at all but only of meeting some relatively low level necessary condition), and even expert level understanding of the implementation/design of the system is insufficient as well since the other half of the problem (ie, The Opposition's resources/knowledge) is unknowable. People don't generally handle such situations with enough good sense to rely on; history provides an abundance of examples. For those choosing/considering crypto, it is a point not well appreciated (humans really truly like answers, not unknowable/contingent possibilities, and everyone thinks themselves brighter than the average bear and so able to make a reasonable evaluation...), and so any competent discussion of crypto must necessarily make this point. It is a point which must be made early since it is critical to even the least technical understanding of the place and potential and worth of crypto generally, much less for any specific crypto system under consideration. The plenitude of snake oil crypto, and the implausible crudity of so much of it, demonstrates that users/choosers/deployers are in need of inoculation against crypto trash. In order that the point when made be not 'too abstract' (and so invisible to many readers), it must be pragmatically made, with examples.
On to 'cryptology' and 'cryptosystems'. The article crypto system is an attempt to illustrate the significance of system design for crypto problems, and is intended to replace cryptosystems. An explanation of cryptographic engineering in actual practice, as it were. Neither is finished, nor perhaps even much begun at this time. The article cryptosystems will be replaced by crypto system. As for cryptology it will be redirected to cryptography after its content has been merged. See the discussion above in Talk:Cryptography and the discussion at UserArvindn:crypto. The discussion of how to improve and rationalize these articles is well advanced. I, for one, would welcome your participation.
On to 'brevity'. Brevity is good. I like it, try for it in my writing (here on the WP and professionally) and am rarely happy that I have achieved it. But, as Einstein is claimed to have said, theories should be as simple as possible, but no simpler. For some situations/audiences, a brief account can be a single sentence -- and the more technical the audience, the shorter that sentence can be. For other situations/audiences, a brief account will be longer, perhaps much longer, because the reader/listener does not already possess the vocabulary which supports the single sentence. This point can be cast in Shannon entropy terms, and would be much shorter, but if it were most people would miss it entirely. Your schema, while well meant, is wrong for an article of first resort like this one.
Until some stability is re-achieved, I have removed the nomination of this article from the candidate for featured status list.
ww 16:14, 12 Mar 2004 (UTC)
A little comment about the warnings thing (although we've argued at length about this and didn't get anywhere; Matt, you might want to see User_talk:Arvindn/crypto). If we could cull it into a section like 'Implementation of cryptography' rather than the article reading like one big warning (I'm not implying that that's presently the case, but it's halfway there), that would be nice. -- Arvindn 16:56, 12 Mar 2004 (UTC)
Arvindn, I think I could live with something like that. Maybe that's the middle ground on this point?? ww

ww — I disagree with you because:

  • cryptography has too many disparate subfields for it to be feasible to discuss them all with enough context in one article. Note that the current article, even with the history, misses out cryptographic hash functions, stream ciphers, crypto RNG, MACs, cryptographic protocols, quantum cryptography, digital signatures etc. To discuss these all to an equivalent depth would increase the length drastically (and it was too large already).
  • In any case, I think that the history of cryptography is, at best, only a mediocre context for understanding the current field of cryptography. Terminology is the same; there are a handful of pragmatic principles that are the same (e.g. Kerckhoffs' principle), but most of it is unilluminating. By analogy, you wouldn't include two pages of text in an Aircraft article about why ornithopters were once in vogue but are no longer used.

I agree that Cryptography, as an article of "first resort", must be more than a collection of links to subtopics — we surely can avoid something like mathematics. However, I think to provide an adequate, didactic context for all the subtopics is unachievable unless we really want a 100k monster-article. I think the only solution is to discuss all the major areas of cryptography to a relatively small degree; emphasise the few common concepts, and rely on the subtopic pages for detail and context — an interested newcomer will go there anyway. Matt 20:44, 12 Mar 2004 (UTC)

Major reworking of cryptography

Further to the previous discussion (which, admittedly, reached no consensus! It does seem to have stalled, though...) I've gone ahead and switched the cryptography page with the suggested new schema. I think this improves the page because:

  • It covers a somewhat wider selection of topics.
  • The various topics are (more or less) covered to an equivalent depth; that is, not very much depth at all! Rather, the reader is referred to subpages.
  • It's more concise, which (IMO) makes it a better starting page for people looking at crypto topics.
  • The article avoids having lots of pragmatic warnings, which I think are out of place for an encyclopedia article (in contrast to a "HOW-TO", for example).

Matt 04:42, 15 Mar 2004 (UTC)

The discussion has not stalled, at least from my perspective. You seem to want (think, expect, ...) it to go faster than it can. I took the weekend off, for instance.
As to consensus, that's harder to decide about. The rather wholesale changes you've made at this writing are more reasonable, in my view, than I'd expected. However, I think there is too much time spent on unnecessary stuff in such an article, which is, more or less, the main criticism you had of the article as you encountered it originally if I understand correctly.

OK, fair enough. Which things do you consider unnecessary / overexplained? I actually think there's still omissions and underexplanation in places (e.g. secure RNG, signatures...).

Arvindn and I, with some others, had already begun a rather major revamping of crypto and several other articles. Do you want to cooperate in this effort? Do you wish us to follow your lead? Or...?
Comments, reactions...
ww 14:50, 15 Mar 2004 (UTC)

cooperative alterations?

Sorry if I've gone about this the wrong way; I'm a newcomer to Wikipedia, and I'm still trying to sort out how to balance principles like Be bold (and crypto isn't a particularly controversial topic...) with collaborative writing. I do think that the current version makes for a better cryptography page than, say, the old cryptography. I think cooperation is good, but that carefully forging agreement on detailed changes (à la User_talk:Arvindn/crypto) should be a second resort; i.e. make a change, and if anyone objects, then discuss it.

Of course, revamping the entire page is a different matter...

I guess the issues that we disagree on are:

  • This page should proceed using a historical presentation of cryptography (I think no).
  • This page should provide a great deal of detailed "didactic" material or context (I think no).
  • This page should carry large numbers of pragmatic "health warnings" about crypto (again, I think no).

(Though I think this content should be, and to some extent is already, elsewhere.)

Perhaps we should try and reach consensus on these major points? (Or others),

Matt 15:57, 15 Mar 2004 (UTC)

Let me start with the three points you made. I agree, wholeheartedly, with the first 2. (The kicker is, of course, whether this or that is 'an historical presentation' or 'didactic'. On which there is likely to be some disagreement amongst those who care enough to put the time in. It's a universal human characteristic.) You may have missed something here in your understanding of my perspective.
We disagree on the third point, or appear to. My position on this has been made clear in the discussion with Arvindn, which you've apparently read. And is (in embryo form) being developed at cryptographic engineering. BUT, I think there is less disagreement on this point than appears. But, I do disagree that the ornithopter analogy is apposite. Some other, maybe...
On reaching consensus... Well yes, it's WP all the way. The crypto article you first encountered was 1) literate, 2) without errors of fact (at least I tried to keep it so and I think others, including Arvindn and Imran, and JDF, did so as well), 3) somewhat rationally organized. As such, BEING BOLD is probably best somewhat restrained as there was evidence that someone had been keeping track of things, and in any case something reasonable already existed. A different article, without those virtues (i.e., w/ poor organization, lots of plain errors, unliterate) would have required/demanded a considerably different degree of BOLD. It was because the article had seemingly settled down (though there was some ongoing work on how to handle a booklist) that I nominated it for "featured article" status. That evoked a comment from Arvindn (who had been working on crypto related articles for some time as well), and in an attempt at a consensus on improving an already good article we corresponded for a while. When it seemed we'd gotten somewhere, or at least far enough to have at it, Arvindn went ahead and made some edits (keeping virtues, modifying smallish vices, and adding more virtues). To which I had begun to reply, when you appeared and the work Arvindn and I had done became, it appeared, moot. And that's why I withdrew my nomination of the article.
Opinions differ. It's the nature of the beast. As you can see from the discussion with Arvindn, and by reviewing say, Talk:Cryptography, or Talk:Books on cryptography, they differ in this specific case as well. When they differ, how should one proceed? If the difference is one of fact (e.g., Charlemagne was crowned on Christmas Day (or not)), a resort to authority (or calculation from theory if appropriate) might be sensible. If the difference is one of style/emphasis, no solution is possible, only a compromise between viewpoints. If one side is unable or unwilling to explain/defend a viewpoint, not even that.
In the case of the 'old crypto' article, your qualms have had, as nearly as I can see, a stylistic/emphasis basis; you were not suggesting that there were errors of fact. Enforcing one's own sense of style w/o discussion, or response to others' reasoned comments, cannot -- in the nature of things -- lead to compromise nor to agreement and certainly not to consensus. And since WP works by leaving "everyone hostage to everyone else", edit wars and revert wars easily spring up in such situations. Wales/Sanger/et al have made a fundamental decision to accept that downside; it's up to those of us involved to make do and I suggest that BOLD must necessarily be interpreted carefully to suit particular contexts in so making do. Wales et al have made a bet (and those of us participating have doubled down) that cooperation is sufficiently human that the result will be a Good Thing. So far, with some Clausewitzian friction (of which this may be an example), I think it's more or less worked. Now I wish someone would forward me my share of the winnings!
If you will look through the page history of Cryptography, you'll see that a few people have made long term efforts to maintain (improve, even) it. To stop the vandals, to clean up misperceptions, clarify, etc. You are joining, I trust, that effort. If so, welcome. Let's discuss, let's avoid edit/revert wars, and let's produce a quality article (articles).
ww 17:45, 15 Mar 2004 (UTC)

ww — Thanks for taking the time to explain some of the background to the page. Just to reply to a couple of points here: the new page is a (heavily) edited version of the old page, so the previous work of yours and Arvindn's is not entirely "moot". Certainly, though, there were some paragraphs removed outright, but I think that they could well be used in cryptosystems or cryptoengineering, and so on. I'm sorry, anyhow, if I caused offense by bypassing your and Arvindn's efforts — can we blame it on overenthusiastic newbieness? I hope we can work together to polish Wikipedia's crypto* coverage. See also replies to Arvindn's post below. — Matt 20:50, 15 Mar 2004 (UTC)

Matt, Offense is not, I think, the point. Nor is, or should be, blame. A good WP article(s) is, however. The organization of the old article was carefully polished to achieve particular points, and the new one has lost those points by and large. Some of those points were made in the history chunk you removed. They will, I fear, need to be made again somehow. I'm personally pleased that you'd like to work together, so let's have at it.
Incremental, cautious, change having gone more or less by the board, I would suggest that we (you, me, Arvindn, Imran, ...) try to agree on those points which ought to be covered in an article of first resort, throw the rest into other articles, and then write to cover those points. There will, I am hmmm confident, be the occasional stylistic divergence, but so be it.
ww 15:03, 16 Mar 2004 (UTC)


Your reworking is pretty good, and I think we should address our concerns starting from this point rather than going back.

ww — would you be OK with this? If nothing else, the article is shorter, which means it can be reshaped more easily.
True, shorter means less effort typing and thus is good. It may mean more architectural effort, however; that may be painful, and thus may be bad. Let's see how it goes. ww

As for history: example of why I think it would be a good approach: early on we would talk about substitution and transposition ciphers, which are very easy to understand. Then, when we come to DES, the beginning of modern cryptography, we could mention that it is essentially a composition of several operations which are mostly transpositions and substitutions. The reader gets the feeling of being 'in' on something. Don't know if I've expressed myself very clearly.

Exactly. ww

Anyway my opinion is that there should be more history, not that the entire presentation should be historical.

I agree that adding history to give context and act as illustration can be a very helpful way of improving the crypto stuff throughout Wikipedia; however, I would be more cautious about adding it liberally to the cryptography article. If this page is to be a narrative "whistle-stop tour" of crypto topics (as I would argue it needs to be), then the history (outside of the actual history subsection) needs to contribute to that in a clear way. I would suggest that to qualify it must directly help motivate or explain some topic, and be brief.
"Throughout WP" is opaque. What do you mean? I would be opposed to making this article 'a narrative whistlestop tour' of crypto topics on the grounds that the subject is twisty twisty twisty and a reader deserves some conceptual (brief, of course) untwisting. Such a tour would I think inevitably end up as a link collection. Even if annotated. ww

About warnings: you meant 'health warnings' as a joke, but:

  • I attended a talk by Shamir about a month back, and he was talking about the death threats he used to receive in the 80s from the CIA (maybe the NSA, not sure on that point)
Probably NSA or the FBI. There was also an absurd "tell us everybody you spoke to during your lecture tour so we can control the knowledge, or we'll charge you and try you" exercise against Shamir and colleagues. I'll pass the details otherwise than here if you'd like to hear them. Kafka redux, and redux again. ww
  • Cryptanalysts in the US who study commercial devices can apparently be arrested under the DMCA?
Yes. Particularly if their work can be construed as 'an attempt to circumvent'. Construal can be by attorneys (w/o any understanding of either technical or technical/cultural matters), ie by prosecutors looking to earn a high conviction rate. ww

I've heard that a cryptanalyst can be prosecuted under DMCA if they publish a method for breaking copyright protection mechanisms. There was the case of someone with a name like "Dmitri Sklyarov" who ran afoul of this.
That's exactly what happened with Sklyarov. See the WP article on him. Both Alan Cox (long time nr 2 to Linus Torvalds) and Niels Ferguson (coauthor of Practical Crypto with Schneier) have publicly noted that they will not do (or discuss) certain crypto and other work for fear of being arrested if they visit the US. Prof Felten (Princeton) and students have been threatened with suit under the DMCA for publishing or discussing research he (they) have conducted. See Felten's and Ferguson's web sites for more. See also WP's Digital Rights Management. It's a dog's breakfast, and caused mostly by poor quality thinking in and around crypto. ww

The other day I learnt that the government of my pathetic country has a rule that all crypto used in military agencies should be unpublished.

A wise entertainer, Steve Allen, wrote a book about this sort of thing. The title is Dumbth, which just about covers it. Sorry to hear you folks have similar troubles. Shakespeare would have had something memorable to say about this stuff. I can only scream and pull out some more hair. ww

To ignore all this and to present crypto as a Platonic science would be a pretense and an injustice to ourselves. I wouldn't mind there being more warnings (perhaps phrased differently, such as pointing out the flaws in the popular view of crypto).

Exactly. ww
OK, I could get on board with the idea of including brief (my favourite word...) comments on how a dry, scientific concept, such as "cryptanalysis", interacts with politics and, well, people's lives. Providing people with "reasons to care", as well as "what subfields crypto has", is important in an overview of topics, and I think this article lacks that currently. However, that is slightly different from actual advice, including warnings, which I think should be rare, if not absent, in an encyclopedia. — Matt 20:50, 15 Mar 2004 (UTC)
I agree that a (brief, !) section on crypto and politics should probably be in the article. I've been dodging it for a long time, but MS Longhorn will probably force all this to the foreground for almost everyone, and my cowardice/dread shouldn't limit a WP article. ww

As for not being didactic, I agree with you of course.

And so do we all. ww

PS: got into an edit conflict with ww, which means that I haven't read ww's (as usual huge :-) comment before posting this.

Sorry about that. ww

Arvindn 18:10, 15 Mar 2004 (UTC)

The Opposition etc

"Those who wish to use cryptanalysis (or burglary or extortion) are not generally identifiable and are generically referred to as The Opposition, The Adversary, or The Enemy."

I've two problems with this: 1) I don't think these terms have a specialised crypto use, and especially not capitalised, 2) the meaning would be obvious anyway. Matt 17:06, 16 Mar 2004 (UTC)

Matt, They do have a crypto use, capitalized or not, in discussions of the contest between cryptography and cryptanalysis/burglary/extortion/... Often they are put in terms of 'Eve' and 'Mallory' for ease of discussion.
Yes, Eve and Mallory (and Alice and Bob) are common names for principals in crypto protocols. Rarely, "the Opposition", though. They don't have a special technical meaning.
Edit conflicts have thrice lost my attempts to reply to this point. I will try again some other time. Thus far, I seem cursed....
Yet another try... Let's recall Shannon's Maxim in which the enemy was used in exactly the sense meant here. Pretty good authority, eh? I don't remember whether any of the accounts of his observation used capitals, though. The literature is shot thru with similar uses of all three, some capitalized. But the problem seems to be 'special technical meaning'. What's wrong with using a term w/o such meaning, if the effect intended is achieved? We are here serving a reader, one furthermore presumed to be a non crypto-sophisticate (we're not preaching to our choir here!) and that reader should, in my view, leave this article with some clarity in his/her mind about crypto. Including that it exists in the context of a struggle betwixt Virtue and Vice (or from the cryptanalytic viewpoint) Vice and Virtue. That reader should get from this article enough of a sense of what crypto is about that he/she can put a complex technical article on RSA, say, or the Enigma, in proper perspective. I.e., as examples of encryption algorithms, one modern and the other now outmoded, and further that RSA is an encryption algorithm of a new and very important class which has changed crypto practice altogether. Further, the reader should be armed with enough clarity of perspective to be able to detect the more meretricious of the crypto snake oil products and thinking on offer (or soon to be on offer if the Trusted Computing Folks get their way). Is my intent clearer? Can we agree on intent if not method? ww

(discussion SNIPPED and moved to end of article)
A code is most certainly an algorithm. If nothing else, the find plaintext term / substitute codetext procedure is algorithmic.
"Coding" is an algorithm; "cipher" is a class of algorithms. Ciphers have the potential to be vastly different algorithmically; codes are always performed by table lookup. Codes are a much less general concept than ciphers. Matt 17:31, 16 Mar 2004 (UTC) ... Actually, "general" is not what I mean; they're just as general, mathematically speaking, but not as general in terms of describing methods. Also, codes are one specific method of encryption, now redundant, and ciphers have now "captured the market", essentially. To present codes and ciphers as a dichotomy is misleading. Matt 17:35, 16 Mar 2004 (UTC)
Mostly, you have me confused. You have made many distinctions here, most of which I more or less agree with, but... The problem is???
I think, chiefly, that to call a code an algorithm at the same time as a cipher is misleading.
How so? The market capture point is certainly true, but carries the day only with certain of the Market-Lennists amongst the social commentators; it seems to me skew to the intent I had. I guess I'm still confused. I need more help as to your objection. ww
You could say: "A code" is an instance of "a cipher" (except you wouldn't, because of tradition). I think a code and a cipher refer to two different ways of implementing a mathematical transform; codes are lookups, ciphers are procedural. To call a code an algorithm goes against this distinction.
A lookup is not a procedure?! A transform is not an algorithm?? ! This seems to me to be so esoteric a distinction as to be more confusing than saving of confusion. I certainly remain so. I would argue that our reader would not be in danger of confusion. Reducing the conceptual load on the reader is a Good Thing, I think, and I would disagree that we must make this distinction. I think it leaves the reader less clear than otherwise. ww
Here's another way of looking at it: If you said, "codes, ciphers and RSA are all algorithms for encryption", you'd be technically correct, but you're distracting from the general definition of "cipher". Of course, codes are AN algorithm, in the same way that RSA is AN algorithm. But a "cipher" is a general class of algorithm, and "code" isn't, it's just one algorithm (table lookup) Matt 07:49, 17 Mar 2004 (UTC)
I've run against the right edge. Let's continue this below at ##, shall we?
In actual practice, the reality was still more so. Consider JN-25 a superencyphered code used by the Imperial Japanese Navy (it was, incredibly, built around Latin letters!). Several Royal Navy Cyphers were similar (as were many others of the time -- it was the 'state of the art'). The revised structure I chose here was intended to present some conceptual clarity but allowing the reader to see a higher level structure in the definitions and so to acquire some mastery of some terms which are characteristically used in a messy way. Clear speech leads to clear thinking (we can all hope so, anyway). The choice was deliberate and made with some thought as you may see from this.
Sorry about the edit conflict. I'll try to stay out of your way.


Matt, I apologize for editing your comments above, but I was finding the indentation so confusing I had to 'fix' it. The convention is more or less that reply comments are indented (":") underneath the comment for which the reply is meant. When there are several layers, things kind of pile up on the right, and I'm unaware of a solution. Folks seem to just give up after the 4th or xth indent and go back to the left. Anyway, I can now sort of follow the thread (only, however, sort of) and see what was in response to what.

Sorry again to have touched your edits.

No problem, this is Wikipedia, after all ;-) OK, I'll go with the successive indent thing. (Also we could do with clearing out some of the earlier discussions to make space.) Matt 18:31, 16 Mar 2004 (UTC)
This page certainly needs to have an archive made of some of the earlier comments. I've never bothered to learn how though, so can't do so now. As for clearing out our discussion above (a mare's nest if I ever saw one), there are live issues remaining. Perhaps we should dispose of those first? ww

ww --- Matt, I've now gone over those edits I made earlier today. It appears that in almost all cases, you have reverted them, even those which were essentially grammatical. Am I missing something here? In several cases, I thought I'd hit on a non-controversial improvement -- greater generality, a cleaner phrase, etc. You seem to have disagreed in extensio. I find it hard to believe I was so 'off' in all these cases. What am I missing?

Hmm...I'm not sure what "in extensio" means, but I changed the edits (and I think for a couple of sentences, did just "revert") which I didn't think improved grammar, generality or phrasing. The edits which improved the article, which were in the majority, I didn't change. I had a hard time seeing the improvements in the "cryptanalysis" section, in particular, though. -- Matt 07:49, 17 Mar 2004 (UTC)
Argh! Something didn't go right with my last edit yesterday, and it did just revert large parts that I thought were an improvement, sorry about that; I'm not sure how it happened. I'll try and fix it asap... Matt 07:57, 17 Mar 2004 (UTC)
Matt, OK, I'll wait. ww

ww 18:36, 16 Mar 2004 (UTC)

-## this continues a heavily indented discussion on whether codes are algorithms from above.
Matt, I think some light begins to dawn. You are, it seems, concerned to 'protect' cypher as a larger (or more important or more used or some such) thing in the encryption world than code. While clearly true, this misses the point of what I was attempting, which was not to speak to that issue at all. It belonged later after some elementary orientation. It seems to me that one must walk before one runs, and our reader here will be blind to this distinction and need not have eyes opened till some later time. Whereupon this distinction does indeed need to be brought forward lest misapprehensions grow. I was attempting to orient said reader to encryption transformations generally, not to which are most significant. Does this clarify my intent? And perhaps change your view? ww

I'm concerned that the definition of "cipher" is obscured when both "code" and "cipher" are said to be algorithms. You could distinguish as follows: A cipher isn't an algorithm for doing encryption; it means an algorithm for doing encryption. A code is an algorithm for doing encryption. Hence, to say "codes and ciphers are algorithms for encryption and decryption" obscures the definition of cipher. Matt 15:08, 17 Mar 2004 (UTC)
Matt, I think we're getting somewhere at last. We seem to be looking at this from different analytic perspectives and for different purposes. I'm trying to build in our reader's mind a structure from which to hang crypto concepts. Thus, there's encryption, decryption... and within encryption, meaning level transformations and non meaning level transformations. That one of those transformation groups is more interesting, extensive, useful, and all isn't relevant at this stage. Later yes, and later can be the next sentence I suppose, but not in the midst of guiding the construction of that mental structure -- it's too distracting for the reader. Too much conceptual load, too soon. It's a 'teaching method' issue, as it were, not a crypto point. I think we got entangled in crypto technica more than anything else. Are we tracking yet?
BTW, I've just noticed something at Topics. Please see the Talk page for the comment. ww
* You distinguish "meaning level" and "non-meaning level" transformations; is this a distinction that people need to learn about in detail in a general article? I don't think so: "Coding" (transforming at the "level of meaning") is just one of many classical encryption techniques (it's all just bits to modern crypto...); why not deal with it in the History of Crypto page? The only reason I think it should be included at all in cryptography is to note that the layperson's term "code" is really what cryptographers would call a "cipher".
  * I think you make a good point about building a structure in the reader's mind; the Terminology section is just a barrage of definitions. Even though I think we should steer the tone of the article away from being "teaching", I think an illustrative example might be useful in clarifying the terminology definitions. How about a (brief, brief!) simple substitution worked example, since that's most likely what people will have encountered before? — Matt 12:05, 18 Mar 2004 (UTC)
Matt, I'm really having purely mechanical trouble keeping track of where the discussion is. If we kept to one point at a time, things would go more slowly (but then I've been working on this article for more than 2 years, so I've resigned myself to that I suppose), but we're less likely to get ourselves (or others reading over our shoulders) tangled. We have an obligation to both groups, of course. Anyway, on to your point.
Yes, I think that 'meaning level' and 'non meaning level' is a meaningful distinction as it helps clear exactly the widespread misunderstanding about definitions that you note. As for everything being all just bits nowadays, well.., that's perhaps true down in the software weeds, but may or may not be true closer to the user/designer. It is certainly a point from a higher level of abstraction than most are comfortable with, and relies on an ease with alternate interpretations of the same representation (of, say, Latin letters) than may be commonly relied upon. Recall that many people are uneasy with even the idea that ASCII representations can be equally validly given in decimal, hex, binary, or octal. And still less facile in working with such representations. Have you ever had to explain to someone why talking about 1 and 0 values in digital circuitry is as acceptable, and doesn't introduce inevitable conceptual errors, as nominal voltages (+5 or whatever, and 0), or the actual sloppy non-square waves that are 'really' present? If so, you have had some experience with this sort of thing. Anyway, I would counsel caution in expecting that our first resort reader will profit from so advanced a perspective. Concreteness of example, clarity of composition, and care in constructing schema for the reader are the best antidotes I know, and hard to apply. Remind me to tell you about Red Smith sometime.
I agree that the terminology section is a barrage. I was attempting to sneak in some structure with the code / cypher distinctions. And I had included a trivial example of both a substitution and a transposition cypher, which included an example of a key and further exemplified that keys are arbitrary as it was the same key in both cases. Most of that has been deleted, of course. Perhaps too sneaky? ww 16:18, 18 Mar 2004 (UTC)
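An added worked example, written for this archive and not part of the article or of any participant's post: the substitution-and-transposition illustration ww describes above (one key driving both ciphers), the composition of the two that Arvindn's earlier DES remark points at (substitutions and transpositions chained into rounds), and Matt's distinction that a code is a table lookup while a cipher is a procedure. The key SECRET, the message, and the four-entry codebook are constructed for the example; the keyed-alphabet and columnar-transposition constructions are the standard classical ones.

```python
"""Keyed substitution, columnar transposition, their product, and a codebook.

Added worked example; the key, message and codebook below are constructed.
"""
import string

ALPHABET = string.ascii_uppercase


def letters_only(text: str) -> str:
    """Classical ciphers act on the letters alone: drop spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def keyed_alphabet(key: str) -> str:
    """Key letters first (duplicates removed), then the unused letters in order."""
    seen = []
    for ch in letters_only(key) + ALPHABET:
        if ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitution_encrypt(plaintext: str, key: str) -> str:
    """Monoalphabetic substitution: every letter is replaced, positions are kept."""
    table = str.maketrans(ALPHABET, keyed_alphabet(key))
    return letters_only(plaintext).translate(table)


def substitution_decrypt(ciphertext: str, key: str) -> str:
    table = str.maketrans(keyed_alphabet(key), ALPHABET)
    return letters_only(ciphertext).translate(table)


def column_order(key: str) -> list:
    """Column read-out order: rank the key letters, ties broken left to right."""
    k = letters_only(key)
    return sorted(range(len(k)), key=lambda i: (k[i], i))


def transposition_encrypt(plaintext: str, key: str) -> str:
    """Columnar transposition: every letter is kept, positions are permuted."""
    text = letters_only(plaintext)
    width = len(letters_only(key))
    text += "X" * ((-len(text)) % width)  # pad the last row to full width
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[c] for c in column_order(key) for row in rows)


def transposition_decrypt(ciphertext: str, key: str) -> str:
    width = len(letters_only(key))
    nrows = len(ciphertext) // width
    cols = [""] * width
    pos = 0
    for c in column_order(key):  # columns arrive in read-out order
        cols[c] = ciphertext[pos:pos + nrows]
        pos += nrows
    return "".join(cols[c][r] for r in range(nrows) for c in range(width))


def product_encrypt(plaintext: str, key: str) -> str:
    """Substitution then transposition: the two-operation 'round' structure."""
    return transposition_encrypt(substitution_encrypt(plaintext, key), key)


def product_decrypt(ciphertext: str, key: str) -> str:
    return substitution_decrypt(transposition_decrypt(ciphertext, key), key)


# A code, by contrast, is a table. Constructed codebook: word -> code group.
CODEBOOK = {"ATTACK": "7391", "AT": "0018", "DAWN": "2044", "RETREAT": "5120"}


def codebook_covers(words: list, book: dict) -> bool:
    """A code expresses only what the book lists; any cipher takes any letters."""
    return all(w in book for w in words)


def code_encrypt(words: list, book: dict) -> str:
    if not codebook_covers(words, book):
        raise KeyError(f"not in codebook: {[w for w in words if w not in book]}")
    return " ".join(book[w] for w in words)


def code_decrypt(groups: str, book: dict) -> str:
    inverse = {v: k for k, v in book.items()}
    return " ".join(inverse[g] for g in groups.split())


if __name__ == "__main__":
    KEY, MSG = "SECRET", "ATTACK AT DAWN"
    print("keyed alphabet:", keyed_alphabet(KEY))
    print("substitution  :", substitution_encrypt(MSG, KEY))
    print("transposition :", transposition_encrypt(MSG, KEY))
    print("product       :", product_encrypt(MSG, KEY))
    print("code          :", code_encrypt(MSG.split(), CODEBOOK))
```

The same six-letter key yields two unrelated transformations (one replaces letters, the other moves them), which is the 'keys are arbitrary' point; chaining them gives a ciphertext that neither a frequency count nor an anagram attack alone undoes, which is why product structure mattered for DES. The codebook shows the lookup nature of a code directly: a word outside the book cannot be encoded at all, where the ciphers accept any string of letters.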

Warnings and pragmatic advice in crypto* articles

I used them here to bring in the idea that thinking about crypto in the absence of thinking about that struggle is futile. Whether this is the best way to do so, on the other hand... The capitalization and repetition were to catch reader attention and were deliberate. The meaning is NOT obvious; in particular to the non crypto sophisticate reader being assumed. It is, in my opinion, incumbent upon the author(s) of this article that the reader not leave it without some sense that crypto is not merely a technical (largely mathematical) subject, but also encompasses/reflects/entangles human realities -- including The Opposition, however it's phrased.

I agree, but I think that a special term is the wrong place for conveying this.
Propose another. Or another way of achieving the desired effect. ww
Another way to convince the reader that crypto is more than just mathematics? There must be plenty, but I'm fairly sure defining a term is the wrong way. Matt 17:50, 16 Mar 2004 (UTC)
I agree that there must be plenty, and I've tried several without acclaim. You try one, or convince me that this is an unnecessary point to make. You might try reviewing the Doghouse section found in most of Bruce Schneier's monthly Crypto-grams for the past few years; he's turned up a veritable zoo of crypto quackery. And apparently without much effort. He's rather more scathing on this than I've had any intention of being. The problem's real. How should we deal with it, Matt? ww
I do read Schneier's Crypto-gram, (I've even contributed pointers to Doghouse products). We both agree that cryptography is engineering as well as mathematics; the article even says this already. But, simply, I think that including easily understood, non-standard terms such as "the Opposition", "the Enemy" in the Terminology section is a poor way to make this point. -- Matt 07:49, 17 Mar 2004 (UTC)
OK. I repeat, propose another. I proposed several ways to approach this by now. It still needs to be dealt with somehow. Ideas from your end? ww 18:04, 17 Mar 2004 (UTC)

REPLY: If you mean, how do we express that "crypto is a practical, engineering subject, as well as a technical, mathematical subject", then we do this already, quite clearly ("cryptography is a branch of engineering..."). I think we have to be careful how much we labour this point; perhaps we could do with discussing this whole style more generally. We have a lot of crypto articles, and many good and detailed ones, but I think a problem that is widespread is that they give many warnings and pieces of pragmatic advice. Of course, cryptography is in a context, and it is appropriate to explain the context. Of course, cryptography is applied, so it's appropriate to mention its application. However, there's a big difference between a textbook and an encyclopedia article, IMO. I've imported a paragraph from PGP as a case study here, because I think it's a general cryptography articles issue:

When used properly, PGP is capable of very high security; most informed observers believe that even government agencies such as the NSA are incapable of cryptographically breaking properly produced PGP messages. But, like _all_ cryptography, misunderstanding and confusion are common, implementation errors are not unknown, and improperly used PGP can be (and will likely be) no more secure than messages produced by other, poorly designed / implemented / used, crypto systems. Failure to learn and understand how to use PGP can result in not achieving its excellent security potential. In most respects, this involves reading and following the user documentation. PGP is easier to use than many crypto systems, but neither it, nor any other, is foolproof. [from PGP]

I think this moves beyond a presentation of knowledge into a commentary and tutorial, which I think is not appropriate for an encyclopedia article. Imagine if, say, the Martial arts page included warnings like: "When used properly, a martial art can enhance your physical security. However, the reader should be warned that taking on too many opponents simultaneously can be hazardous, regardless of the exact combat style used. This illustrates the wider point that even the most potent martial arts are susceptible to implementation errors, and few can resist a chosen-shotgun attack...". ;-) Sorry, I'm being daft, of course, but I think we could do with discussing whether warnings and pragmatic advice are in, out, or how much, else we're going to keep disagreeing over it in many places. — Matt 13:12, 18 Mar 2004 (UTC)

Matt, Thanks for the extensive reply. It gives us something to work with, which was, I think, what was intended. I regret that you have excised part of the sequential comment/recomment, and thus left succeeding readers in some confusion as to what we each said in response to what. Perhaps we might take this to actual email, rather than leaving a confusing trail. Even before your excision, things were not clear -- even to me, and I was/am a participant! But leaving that aside...
No I don't mean noting that crypto is an engineering domain. At least not entirely. That's a somewhat opaque point that most first resort readers will likely miss. And, as you note, we do point it out at present; if I ever get more done on crypto engineering there will be more available on that point. I have in mind more that all choice/use/etc of crypto is conditioned by human realities that do not apply -- by and large -- to other technical fields. Say the engineering problems in designing aircraft. Except perhaps military aircraft who are intended to cope with The Enemy/Adversary/Opposition...
The special problem for crypto is that perfect operation of a perfect crypto system doing (absolutely perfectly) whatever it was designed to do is indistinguishable to any user from Mallory's (or incompetence's) hugely insecure crypto system pretending maliciously to do the same. In both cases, the user sees the same thing -- surely in modern systems. Gibberish out, different gibberish in, and the same warning, failure, or success notices/signals/returns from the software here and there. Successful message passing is not enough either as Mallory's faux system may be silently sending copies to BadGuysRUs as well as to the correct folks.
In my experience, in the actual crypto trenches, ordinary folks mostly don't realize that. Persistently, and almost without much variance across experience/intelligence/responsibility levels. It takes much effort to bring, often resentfully, them up to some sort of speed, and many (most) revert at the first opportunity. It is, I think, a universal human characteristic. Perhaps a figure/ground problem. Something about brain wiring, maybe. Much of Anderson's Security Engineering is about the same oblivious to the same thing quality, though at a higher abstraction level.
When you add in crypto's odd engineering qualities, there is left a real problem of understanding (and of application of that understanding) which the WP may, entirely reasonably for an Encyclopedia, take note of. I'll take up your analogy (which I agree is inapt in some respects -- I won't say 'daft' (are you in Scotland?!)), by noting that an article on martial arts generally (or on some specific one) might fairly note that in some jurisdictions expertise in such matters exposes one to special penalties in law when not properly used. One is no longer a mere brawler in a pub fight, but having special expertise, one is held to a higher standard and it becomes an offense when that standard is not reached.
Since it's a general and pervasive problem -- the often not commented upon 600 pound gorilla in the crypto room -- it deserves mention in a first resort article here. And probably elsewhere, as the example you note from PGP. Indeed, that phrasing is, I seem to remember, mine. We, I think, agree on that or on some of it. It is how, exactly, to do so that is at issue. Am I correct? ww 15:28, 18 Mar 2004 (UTC)
Yes, I agree that cryptography is an area where it can be non-obvious whether mechanisms are strong or not, and this can bite users. It is entirely appropriate to note that this is an aspect of cryptography. I do not think it is our responsibility, though, to impress this on our readers as vigorously as you would in a textbook or in a HOW-TO article. I think, stylistically, it sounds odd in an encyclopedia, even though it would be fine in a textbook. I think it's a tone thing, rather than a content thing, which makes it hard to pin down.
Have a quick glance round Wikipedia, looking at articles that involve topics that could be potentially dangerous to a newbie. It's rare that pragmatic advice and cautions are given; a more usual tone is a simple factual presentation, (often including factual presentation of risks and dangers). (I've found warning one-liners in sun and Coprophilia (you probably don't want to look at the second link...).) —Matt 22:47, 20 Mar 2004 (UTC)
Re: both of the immediately preceding comments. I agree that it's difficult to get at. We've been 'rasslin with it for a while. In regard to the 1st example you note (I didn't, following your advice, check into the 2nd), I would disagree that the way warnings are handled at sun is quite analogous, though I would probably have noted that Galileo is thought to have gone blind as a result of looking directly at the sun while he discovered sunspots. We, on the other hand, are dealing with a subject which is entirely abstract, has no easily defined dangers, nor (in most cases) easily noticed failure modes, and cannot be used, chosen, audited, or deployed effectively (except by the most unlikely conjunction of items -- to continue an astronomical theme, as it were) without thinking carefully about it. It's been my observation that people characteristically don't so think. And crypto fraud and trash are quite common, for various reasons; common enough to indicate an economic viability for snake oil which is, to me, disturbing. NSA presumably is less disturbed. These are both important facts about crypto which deserve to be noted (ie, are appropriate to note) in even the most bland of descriptions. It's an essential part of the nature of the beast. As to tone, well, what's desirable is likely to vary from observer to observer, just like style.
I agree that facts should be noted. However, I think the "tone" is important and debatable here — the difference is between writing for people who simply want to know about cryptography and for those who want to actually go and do cryptography. I'm not saying there isn't a place for "HOW-TO" on Wikipedia, but rather we should avoid making the assumption that everyone who reads these pages is looking for practical instruction. Matt 15:49, 22 Mar 2004 (UTC)
On another topic, I've noticed that "&mdash" isn't being interpreted correctly here and there. You use it and I don't, have you noticed the same? ww 15:25, 22 Mar 2004 (UTC)
"Interpreted correctly?" Do you mean by browsers or ...? Matt 15:49, 22 Mar 2004 (UTC)
Ah, got it. "&mdash;" is the proper spelling, but if you write "&mdash", without the semicolon, it renders differently in various browsers. Mozilla renders it OK, but IE doesn't, it seems. As I use Mozilla, it took me a while to realise that my &mdash's were missing anything... Matt 17:15, 22 Mar 2004 (UTC)

Offtopic: anyone attending CRYPTO '04 at UCSB? Arvindn 11:54, 28 Apr 2004 (UTC)

Not me; the list of accepted papers looks interesting, though, particularly, Computing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring, by Alexander May. Will you be there? — Matt 12:25, 12 May 2004 (UTC)