Byte by byte, that's how we're actually encrypting and decrypting things, there's no scrambling or moving going on ... but XOR-ing. The hard part is coming up with the data to xor with.
One approach is to have a big chunk of secret data lying around and use that to XOR. As long as everyone who needs to send or read the original plaintext has the same secret data ... this should work. Couple of problems with this:
Problem 1: The secret data needs to be seemingly-random. You can't use the text from a book or something. Any patterns in the secret data will show up in the encrypted version, and that's literally part of how the Allies beat the Axis powers in WWII.
Problem 2: You can't ever re-use the secret data. Again, patterns will show up. So you have to somehow securely get big wedges of secret random data (One time pads) around to everyone who needs them. Too hard.
So in modern encryption, we *generate* the secret data we need from a small key, and those keys are much easier to get around and protect. This is what symmetric encryption algorithms really are: schemes for deterministically generating random data from a key.
That "deterministic" part really matters: two people with the same key have to generate the *exact* same data, or else they won't be able to understand one another.
You've probably heard of lots of these algorithms: AES, 3DES, DES, RC4, ChaCha20. All of these algorithms do this. It turns out that the math problem of taking a key and generating a random stream of data, one that has no patterns and is not predictable in any way, is hard.
From that list, only AES and ChaCha20 are considered secure today, the others have been broken in interesting ways ... people figured out how to predict them. AES itself has a bit of a patchy reputation, because ...
Cryptographers: AES is the premier and most-analyzed encryption algorithm. Absolute gold standard!
Also Cryptographers: AES implementations in software (not hardware) are either insecure, or slow, or both. It wasn't designed with caching side-channels in mind.
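The thread's two points about a deterministic keystream and never re-using the secret data, shown as an added example that is not part of the original thread. It assumes SHAKE-256 from Python's standard library as a stand-in keystream generator (it is not one of the ciphers named above and is for illustration only); the key, nonces and messages are constructed.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministically expand (key, nonce) into `length` pseudo-random bytes.
    Assumption: SHAKE-256 stands in for a real stream cipher such as ChaCha20."""
    prefix = len(key).to_bytes(2, "big")  # length prefix keeps key||nonce unambiguous
    return hashlib.shake_256(prefix + key + nonce).digest(length)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Byte-by-byte XOR of the message with the generated keystream.
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))

decrypt = encrypt  # XOR is its own inverse: same key + nonce undoes it

def other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """What someone holding two ciphertexts and one plaintext can compute.
    If both used the same keystream, it cancels: c1 ^ c2 ^ p1 == p2."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)

# Constructed sample inputs (not from the thread).
KEY = b"constructed-demo-key"
P1 = b"attack at dawn!!"
P2 = b"retreat at noon!"

def demo() -> dict:
    # Weak: the same (key, nonce) pair, so the same keystream, for two messages.
    c1_bad = encrypt(KEY, b"nonce-0", P1)
    c2_bad = encrypt(KEY, b"nonce-0", P2)
    # Corrected: a fresh nonce per message gives an unrelated keystream.
    c1_ok = encrypt(KEY, b"nonce-1", P1)
    c2_ok = encrypt(KEY, b"nonce-2", P2)
    return {
        "round_trip": decrypt(KEY, b"nonce-1", c1_ok),
        "reuse_xor_equals_plaintext_xor": xor_bytes(c1_bad, c2_bad) == xor_bytes(P1, P2),
        "recovered_when_reused": other_plaintext(c1_bad, c2_bad, P1),
        "recovered_when_fresh": other_plaintext(c1_ok, c2_ok, P1),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the reused nonce the second message falls out exactly; with fresh nonces the same computation yields only noise.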
Replying to @colmmacc
Do we have strong reasons to believe that AES remains resistant to Quantum Computers (beyond Grover's)? How many researchers in Cryptography are worrying about new Quantum Attacks (aside from worrying about the known ones)?
It's a big lucrative target for research, and so far no real reason to worry about AES itself. GCM doesn't look ideal in a PQ world though, there is a very esoteric attack against it in that setting.