EDIT: We have a couple of cipher puzzles on this site which use primitive, simple ciphers like Caesar, Bacon and substitution ciphers, and some of these puzzles combine them.
This made me wonder about combined ciphers and what that means for various identification routes in general. The question, however, might be more suitable for crypto.stackexchange.com (as pointed out by Kevin) and a partial answer to my question can be found here (thanks, dmg).The main motivation for posting this general question at P.SE is the following problem:
How could a cipher puzzle be made more resistant against brute-force tools while at the same time staying a solvable puzzle for the human brain?
I think/hope that the solution could be to use two ciphers, one of which is rather weak but requires a keyword. It is rather easy to have a keyword hidden in text so that it is easily recognized by a human, but not by any algorithm. Hence, brute-forcing would only partly help, but it remains a fair puzzle for humans.
Think of a clever puzzle with some cipher to be cracked. The clear text of this puzzle reads something like "HTEWD SADISDA OASD KLASD NOW USE THE NUMBER BEFORE TWELVE AS KEY FOR SUBSTITUTE ASD ASD ASD ASDADFDFSD" and only applying the second cipher with "eleven" as key gives the clear text. That should be rather straight forward for humans, but rather difficult for brute-force.
It is obvious that any keyword or key (prime) requiring encryption becomes stronger with the length of the keyword/key and that 32bit encryption is way less secure than 64bit encryption etc.
The one thing, which hasn't become clear to me is the following: I assume that brute-force decryption methods work by applying 'random' keys and validating the 'decrypted' message towards some measurement for "clear-text". This being true, isn't multi-encryption with different ciphers more difficult to crack, than applying the same cipher with a longer key?
Or to ask the same another way: Assume I have some cipher which depends on a key and becomes more difficult with longer key. Let's call this the outer cipher. Now assume I have a another cipher - rather a simple one - which destroys some fundamental text parameters like letter-frequencies and word-lengths. Let's call this the inner cipher.
Even if one has a brute-force method for decryption of the outer cipher - can it even be applied if there is no knowledge of the inner cipher?
Applying this in praxis: "How much security is gained by double-encrypting a text with a simple cipher before using a strong cipher - compared to only using the strong cipher with a longer key?"
No comments:
Post a Comment