faramir.cl at gmail.com
Wed Sep 24 13:33:54 CEST 2008
Robert J. Hansen wrote:
> Faramir wrote:
>> Ok, let me say something on my behalf: in my experience, when
>> something doesn't work as well as expected, and people say "well...
>> let's do it 2 times, that should work", usually that leads to
>> something that works, but it is not as good as it could be...
> False premise. DES works every bit as well as we expect. Even today,
> the best attack against DES is brute force.
I was not intending to say 3DES suffers from that problem. In fact, I
don't have any experience with 3DES, and just about 5 months using gpg.
Also, I have said many times I am talking about a "dislike" not based in
a rational reason (sorry if I am being redundant there). So probably it
is a mistake to try to explain in a logical way something that is, by
definition, not based on logic. But since maybe I caused a wrong
impression, I will try to clarify a bit my point of view... the rational
>> Well... that resumes what I would expect from something designed to
>> be applied once, and "fixed" by applying it 3 times...
> This is historical provincialism.
When people are lazy and don't want to spend time and energy to make a
proper solution for a problem, and just take what they have and adapt it
in a sloppy way, they usually get solutions that are bulky, non
aesthetic, and with a lot of disadvantages... a bit like you described
the performance of 3DES. But these solutions need to be good enough to
be able to be considered "solutions". For that reason, I have a biased
feeling about solutions that seem to be done that way. I don't have a
knowledge deep enough on 3DES (on any encryption algorithm, I lack the
maths skill needed for that) to be able to judge it, and I don't intend
to judge it. But when I saw an article about 3DES, and I understood (or
_misunderstood_) it was just to apply DES 3 times, that arose the same
_feeling_ that I feel when I see a sloppy job. But it was just a
feeling, not a rational condemnation of that algorithm, or of the people who
developed it. I _DON'T_ think the developers of 3DES are (or were, I
don't even know if they are still alive) lazy, or any other
adjective... these adjectives are for the people responsible for the
sloppy jobs I have seen, and all those jobs were about masonry (I talk
about building or fixing a house, not about the Society with the same
name), electric installations, and that sort of manual work.
So I always knew my experience was not applicable to software, and if
I failed trying to point that out, I admit my fault. I also knew 3DES is
good enough to be the default and must-have algorithm in OpenPGP, so
despite any disadvantage it may have, it can't be a bad algo, or it
would have been deprecated, or at least, there would be advice about
avoiding its use if possible.
>> The thing I dislike about "let's do it 3 times" is it was not
>> designed to be used that way...
> "The thing I dislike about the relativistic study of the electron shells
> in a gold atom is that relativity was not designed to be used that way.
> It's about large systems!"
One thing is to discover a new way to apply something, because that
thing has many possible applications, and another very different thing is
to apply something a lot of times to solve a problem, instead of
looking for a better solution. I will give an example:
Once I saw a shelf attached to the wall by no less than 24 screws.
When the shelf was removed, the wall looked like it had been attacked with
a screw-shooting machine gun. Sure, the shelf was firmly attached to the
wall, but it would have been better to use bigger screws, or maybe to
add "legs" to it to support its weight. Or maybe some other solution.
But it is not the same as discovering that a painkiller can also reduce
the risk of heart strokes.
> If you make a groundbreaking advance in any field, that advance will in
> turn open the door to new advances which will build on your original
> idea. DES made us consider group theory; we then discovered "hey, you
> can chain them together!"; now we do it. Where's the problem?
>> I get the impression 3DES is a "patched" DES.
> It's not a patched DES. Not in the sense that you're thinking of it.
I don't know if the article I read was not clear enough about that
point, or if I failed to notice it. If 3DES is the application of a
theory that was not considered before, then it is not what I thought it
was. If 3DES is built using DES, as a wall is made using bricks, I don't
have anything against that.
> Blowfish had a sign extension error in its first printing.
Software usually has errors, or bugs, and it is ok to fix them. The
problem comes when the hole that needs to be patched is a triangle, and
the patch is a square, and you need to use a hammer to make it fit
inside the hole...
I will make another comparison... let's suppose I build a house, and
after a while, I notice the door is not strong enough for my safety
requirements. I can replace it with a stronger door. Or I can get
another weak door, and nail it to the original door, to increase its
strength, even if now it doesn't follow the wall line, and also, since
all those nails made it a lot heavier, now I need to lift the door a bit
to be able to open or close it.
> GnuPG itself is built one patch at a time.
Yes, but I figure these patches are carefully designed to solve the
problems without causing new ones. And if a bug is introduced, there are
efforts to remove it ASAP.