I am nominating this featured article for review because...it does not meet WP:WIAFA in its current state. Though somewhat comprehensive, it is not well written (the lead is very poor), and it lacks citations in numerous sections. It fails 1a,1b,2a, and 2c.
The FA was passed in 2006...the standards have been raised since, so the article doesn't appear to meet our 2011 FA requirements.
I have not raised the issues on the talk page because it is inactive. Smallman12q (talk) 14:12, 27 January 2011 (UTC)Reply[reply]
Delegate note - The notification must still be made, even if the page is inactive. I am placing this review on hold and making a notification on the talk page. If, after a week, there has been no response and no work has been done on the article, this review can be reopened. Dana boomer (talk) 17:32, 27 January 2011 (UTC)Reply[reply]
Delegate note - After a talk-page notification and month-long wait, few edits have been made and no substantive work completed on the article. The FAR may now proceed as normal, with the time frame being determined from the time stamp on this comments. Dana boomer (talk) 00:54, 28 February 2011 (UTC)Reply[reply]
Some review/comments since nobody else seems to care:
Excessive history section for the ancient part, rather vague in modern part with some filler text. Also the claims about Arab inventions need to be checked against the source. There's an editor around here that's been pushing that everywhere, often with poor or no source. There's even a clean-up project for him.
The padlock icon discussion is downright silly.
Cryptographic hash functions and MACs are discussed as part of "Symmetric-key cryptography" but this is plain wrong, they are separate topics. See toc in a standard textbook e.g.
We're told that "Many have been thoroughly broken; see Category:Block ciphers", but the category has all the block ciphers. Is the reader expected to go through all of them to find examples?
Some references only partially support the text they're after. For example, the one after "In 1997, it finally became publicly known that asymmetric key cryptography..." doesn't fully verify that paragraph. (And that particular issue is somewhat contentious, so needs secondary refs to boot.)
Can't fathom why "Cryptographic primitives" is given as major topic of cryptanalysis. The cryptanalysis article toc has a more reasonable wp:weighting of the major areas/issues. Let me explain this a bit further. Although the distinction is perhaps less sharp than in other fields, the "pure" (which is hardly ever called this way) aka mathematical cryptography concerns itself with the primitives mostly, whereas applied cryptography deals mostly with protocols/schemes etc. that use those primitives. You can convince yourself of this with a google books search for the linked terms. (false alarm on this, see discussion below)
"Export controls" section has a lot of filler text.
There are several EU Copyright Directives, but the article fails to link to any (and I'm not sure which one is right because there's no citation).
Minor concerns about POV, e.g. "Some more 'theoretical' cryptosystems ..." (use of scare quotes) Towards the end, unattributed POV: "The United States Department of Justice and FBI have not enforced the DMCA as rigorously as had been feared by some, but the law, nonetheless, remains a controversial one." (Next citation doesn't verify this.)
The bibliography is rather weird. An overview article like this should have IMO a further reading section with monographs and textbooks annotated for the reader; see WP:FURTHER. (Even if this article were better, you can't possibly include the equivalent of a textbook in it.) The main problem with it is disorganization (needs subsections), and some entries refer to others (by comparison) that aren't even there, e.g. Scheneir's AP.
The lead diagram PNG should probably be replaced with a SVG, and observe the principle of alignment in graphic design.
Overall the article reads fairly amateurish. Hope this helps, Tijfo098 (talk) 21:55, 18 March 2011 (UTC)Reply[reply]
The legal section lacks coverage of relevant topics such the of cryptography in self-incrimination.Smallman12q (talk) 22:52, 18 March 2011 (UTC)Reply[reply]
I'll be frank... Even though I think the article covers many aspects of cryptography digestable for a layman and does not contain any real misinformation, it is often fuzzy and neglects much of what "really" makes up modern cryptography – even though I'm not sure where the line between accessibility and comprehensiveness should be drawn. While I would have preferred to see the reader educated a bit about cryptography, at the same time I also tend to support demotion of the article. Unfortunately, my time/energy available to improve this article is pretty limited...
(@Tijfo098:) "Cryptographic primitives" is a subsection of "Modern cryptography", not "Cryptanalysis". Regarding your distinction between "pure" and "applied" mathematics, the former is concerned with both atomic primitives and schemes (and to some degree protocols). Provable security, which reduces the security of schemes to that of their underlying primitives, is a major aspect of modern "pure" cryptography.
While the article marginally mentions important aspects of modern cryptography such as the transition from (Shannon's) information-theoretically secure systems to the concept of computationally secure systems, the connections to complexity theory, the modern understandings of "security" (semantic security), attack models, etc., modern provable security etc., this should almost definitely be improved (even though I'm wary of where to draw the line between accessibility and comprehensiveness).
Curiously, the article does not have an Applications section at all. Other aspects of interest but not covered are Social aspects of cryptography.
It's not a bad article, but probably not good enough for FA. Nageh (talk) 19:24, 19 March 2011 (UTC)Reply[reply]
Yeah, sorry about me incorrectly observing that primitives was a sub-section of cryptanalysis in the article; it never was so--false alarm on that issue. On your other point, i.e. on the relation to computational complexity, I am aware of it in no small part because I have a friend whose PhD thesis was on a (subtopic) of that (his adviser was J. Katz :-) While it is certainly an important (research) topic, I don't know how much emphasis an overview article like this should put on it. Tijfo098 (talk) 13:07, 23 March 2011 (UTC)Reply[reply]
Reading our stub on provable security and the ELs from it, I see there has been an academic (mostly PR) spat over that. (Koblitz vs. Goldreich, Barak, Katz, Wigderson, etc.) So, I can see why you'd want to emphasize that in the main article, although you have to consider that the average Wikipedia reader arriving there probably understands cryptography at the level of the "padlock icon" :-) Telling them of some academic controversy is probably not going improve their knowledge much, so I suggest 1-2 paragraphs at the most on provable security in the main article. Tijfo098 (talk) 13:21, 23 March 2011 (UTC)Reply[reply]
FWIW, based on those letters, the "standard" name for "pure" cryptography is "Foundations of Cryptography". Perhaps the article should follow that convention. Tijfo098 (talk) 14:19, 23 March 2011 (UTC)Reply[reply]
Well... I'd like to see aspects of modern cryptography such as provable security emphasized because it really is what distinguishes it from classical trial-and-error cryptography. You will rarely find papers on cryptographic primitives accepted nowadays without some sort of security proofs. Don't be misguided by our poor stubs, which prefer to cover a PR spat (that it is) rather than to outline the real significance of provable security (and concrete security, in particular). Anyway, I am aware that too much coverage of this may be misplaced in a general article (especially after all the bashing at maths folks and the like that they do not aim for accessibility of articles).
Regarding your distinction between "pure" and "applied" cryptograpy, I'd rather call it "theoretical" and "practical". (At least, that's what I am familiar with, even though there is still some fuzziness in it.)
Concluding, there are several aspects in which the article could be improved. But I'd rather like to participate in discussion and help out improving the article rather than tackle it on my own, simply because bringing it up to FA status again takes lots of time. (Appreciation for all those who do work towards FAC.) Nageh (talk) 15:52, 23 March 2011 (UTC)Reply[reply]
I'm not that easily misguided, I've improved the provable security stub with a link to a paper that has substantive technical discussion (instead of mainly back-and-forth rhetoric). Tijfo098 (talk) 15:17, 24 March 2011 (UTC)Reply[reply]
Comment - This has been at FARC for over two weeks, with no comments on whether the article should be kept or delisted. Could we please get some thoughts on this subject? Thanks, Dana boomer (talk) 14:13, 13 April 2011 (UTC)Reply[reply]
Nageh tends towards delisting above, even if he didn't bold that part of his statement. I tend to agree with him, the article is not terrible, but not great either, B class I would say. Let's see if any improvements are made following the promise below. Tijfo098 (talk) 03:06, 1 May 2011 (UTC)Reply[reply]
Please extend FARC - Despite the fact that I believe the article needs significant work, I am inclined to believe that it deserves a further chance. I will put some comments on the article's talk page over the next day or so and see if there is any concensus on proposed changes. If there is concensus or there is no response I will go ahead and edit some sections. FrankFlanagan (talk) 22:44, 29 April 2011 (UTC)Reply[reply]
I have done a user space draft of a new section on authentication User:FrankFlanagan/Authentication and a talk page draft of a re-write of the lead. I have got some talk page comments on these and sought to incorporate them. Nageh has indicated on the talk page that he will review these, hopefully in the next couple of days. I am reticent to make major amendments to an FA without some concensus.FrankFlanagan (talk) 04:55, 13 May 2011 (UTC)Reply[reply]
Having obtained some feedback on my efforts I am now of the view that it will take me too long to get any susbtantial contribution into shape and withdraw my request that the FARC should be deferred. FrankFlanagan (talk) 18:52, 23 May 2011 (UTC)Reply[reply]
To answer two of the points above:
Arab cryptography: this article used to include a claim that the Arabs invented polyalphabetic ciphers. This extraordinary claim is not supported by the sources cited and I've removed it. The sources do support the content currently in the article concerning Arab cryptography.
Remove This article is very sparsely referenced, including when it makes significant claims. This alone is sufficient for a remove opinion. Less importantly, and more specifically, it self-references Wikipedia. Including "(rhymes with "Italy")" in a caption strikes me as dumbing down. --Dweller (talk) 12:38, 24 May 2011 (UTC)Reply[reply]
The above discussion is preserved as an archive. Please do not modify it. No further edits should be made to this page.