Comments by Simon Bridge (Top 16 by date)

Simon Bridge 22-May-16 21:26pm View
   
How can you tell?
Simon Bridge 19-May-16 23:17pm View
   
The OP edited the question only a few days ago. Makes it current to my thinking.
Simon Bridge 19-May-16 23:15pm View
   
It was top of a list of questions without accepted answers, and I thought I could make a contribution .. easy mistake to make. You don't have to make a big deal out of it, and down-voting my answer was just petty .. was it actually wrong? Obviously people are still reading this page and posting comments, so someone might have got something out of it. I still get and read comments posted against articles and questions I wrote years ago and they still provide useful information.
If you are so concerned about this and not just wandering the site looking for people to chastise, close the question out.
Simon Bridge 18-May-16 18:42pm View
   
My point is that for anyone who wants to publish a symmetrical encryption algorithm, and have it generally accepted, there is an onus on the author of said algorithm to provide some proof, or reassurance, that information encrypted by this method will not be easily recovered without the key. This is never definite proof however.

There are common steps that are followed for any algorithm, regardless of its implementation, that measure the strength of the cipher. I know a few of these, but by no means do I have a complete understanding of the process. By asking this question I hoped to improve my knowledge and understanding and then be able to articulate that to my peers.

There really isn't room here to either post the code or describe in detail exactly how my simple example of a basic encryption scheme works, and because I want to know the process on a high level I find it would be counter-productive to do so.

For example (a poor one but the best I can think of right now) - if I wanted you to explain to me the road rules in your country, would you really need to know what make and model of car I was driving?

If you really want to know how it is implemented, I could email you the code or you could wait until the article comes out.

Apologies if I was rude before, and I appreciate that you put more effort into writing clearly, it does make a big difference. It's a personal bugbear of mine that so few people put effort into their written English. English is an ambiguous language at best, and when it is written down, you don't have the body language and tone of voice that makes up 70% of the communication, and you don't have the opportunity to say things differently or ask for a correction. So maybe I'm a bit twitchy on the subject and prone to impatience.

PS. You can always edit a comment after you posted it to remove typos if necessary. Just saying.
Simon Bridge 18-May-16 0:38am View
   
It is pretty hard to work out from your question, however this did occur:

If you don't want to iterate through a million employee records, have you considered adding a where-clause to the select command? Or a TOP 1000 even? Because your Employee class is about as light-weight as it is possible to be, and I'm not sure moving the declaration of the 'emps' list would make any difference.
Simon Bridge 17-May-16 22:46pm View
   
Also, you don't even understand how encryption works if you don't think hashes are involved in decryption. Yes, a hash is a one way function and by itself is neither encryption nor decryption, but when you use a hash to derive part of a symmetric key sequence, you use the same hash computation in the encryption pass as you do for the decryption pass. When you use a hash to sign a digest, you must regenerate the same hash to validate it.
Simon Bridge 17-May-16 22:38pm View
   
I explained why I asked the question - as part of my due diligence, in case someone had some ideas I had never thought of. I'm not so arrogant as to believe I know everything about everything.

I actually don't want your help on this at all since you seem to lack sufficient written English to be able to understand what the question is or clearly explain your answer, and you immediately resort to snide smug remarks and can't support anything you say with references, facts or even a cogent argument.

I mean, really, as a reply to a comment I spent a very long time writing and trying to keep fair and neutral, your response is: "to be brief, I disagree with all your item" - so, you either don't even understand the concept of pluralisation, or you couldn't be bothered typing the "s" - get off your high horse.

If I could block you from answering or commenting on any question, comment or article I submit, I would.
Simon Bridge 17-May-16 0:26am View
   
I have improved the question I hope since you posted this.

I am struggling a little to work out what you are trying to say, please bear with me:

You said:
"Please pay attention that the question title "How do I prove an encryption algorithm" is in the striking contradiction with "I don't actually want to prove the algorithm..." I'm not sure if you have any explanation of this contradiction even now."

My Explanation: (so you can be sure I have one)
I appreciate your point, and I have changed the title, however: I don't believe it's a contradiction to want to know how something is done, so you can explain it to someone else, without actually doing it. I explained I was writing an article, and that I wanted to know how 'something' (it doesn't matter what) was done so I could explain it in the article, so I asked the question "how do I do this thing" - there is no contradiction there.

You said: "Let me also note that your title mentions encryption. "Cryptographic algorithm" does not have to be "encryption". In your comment you mention SHA-512 and hash tables, which is not related to encryption."

I am going to assume you are not just splitting hairs on the definitions of "Encryption, Decryption and Cryptography" (which would be small and petty)

The common term here is "crypto" which comes from the Latin for "hidden" - here is a link to the Wikipedia page on "Cryptographic Hash Functions" - I don't take everything written on Wikipedia as gospel, but clearly hash functions are related to cryptography, encryption and decryption. In fact, all the hash implementations in .NET are in the System.Security.Cryptography namespace.

You said:
"As a result, it's quite hard to understand what you really trying to achieve. You last comment only makes thinks looking as everything is messed up. I really cannot understand what you are trying to discuss. As to you 1-2-2-3 items... (sigh...) — do be serious.

Your "As for the one-way-algorithm, why on earth would I reinvent the wheel there..?" is weird, to tell the least. How are you asking? How suggested anything you would need to do? You are the one who put forward the initial, you are the only one who know what you would do or would not."

I'm sorry, I just can't work this statement out. What are "1-2-2-3 items", and why are you sighing? What was I not serious about? Are you actually trying to say that I am the one not making sense?
[EDIT]
I just realized I doubled up the 2 in my dot-points, that's what you meant by 1-2-2-3 items, but I was being serious: you don't think that clear, easy to read code is more valuable than code that makes sense to nothing but the compiler?

You posted: " particular, such fundamental hypothesis as existing of one-way function is not yet proven: https://en.wikipedia.org/wiki/One-way_function#Theoretical_implications_of_one-way_functions...
"
I think you were trying to say that despite the existence of lots of functions that are very difficult to invert, no one has yet proven that there is such a thing as a truly one way function. It's a bit like the debate on altruism. I agree, I think.

You said:
"
And I think it's needless to explain that any help would be impossible without very basic thing: knowing your algorithm in all the detail."

I don't think it is necessary for you to know the exact implementation of one specific algorithm, to explain the basic steps required to prove any algorithm. This is a simple case of abstraction that any developer should be able to grasp easily.
Simon Bridge 16-May-16 18:52pm View
   
Hi Sergey,

You seem to have missed my point. Did you not read the question? Or did I state it poorly?

I don't actually want to prove the algorithm, I just want to be able to explain to readers what would be involved in proving one, and as part of my due diligence, I thought it would be valuable to get some input from the community at large before launching with what I already know.

I'm not so naive as to believe that I could develop a cryptographically secure algorithm during my lunch hour, however I have built an example that covers the basics. The idea is to explain the basic internal workings of a cryptographic system that:
1) doesn't require a degree in pure mathematics to understand.
2) is coded clearly using modern coding practices, without any unsafe code or overuse of bitwise operators.
2) doesn't require you to try and work out the awful mess of code that I have seen in every published implementation I can find...(I think cryptographers - they actually write obfuscated code by hand)
3) introduces the concepts of hash-tables, cipher-block-chaining, initialization vectors, symmetrical transforms, etc in a way that can be understood by a developer.

As for the one-way-algorithm, why on earth would I reinvent the wheel there, when I can use any of the implementations already in .NET? I'm not proposing a new one-way algorithm, I use SHA-512 as the one-way-function. We could debate whether there is actually such a thing as a one way function, since computer systems are intrinsically deterministic and therefore cannot actually add entropy, but that's way off topic.
I was considering generating a challenge like this one:

http://web.mit.edu/kenta/www/three/aes/challenge.html

I know it's not proof, but there is some value to it.

Simon Bridge 21-Jan-12 1:55am View
   
You have to assume that your potential attackers have full access to the software and the source code when building a secure system. Especially when developing in .NET.
Simon Bridge 19-Jul-11 23:58pm View
   
Deleted
PISS OFF WITH YOUR HORRIBLE SPAM, NO ONE WANTS TO BUY YOUR SHOES
Simon Bridge 19-Jul-11 23:56pm View
   
Deleted
Thanks heaps for updating the code, I understand what you are doing now: instead of using the set value method of the property-info object, you are building a delegate that actually calls the setter on the specified type. I'm not that great with lambda expressions yet, so I would probably have done it differently myself but it is a really good idea, thank you for sharing.
I guess the same thing could even be achieved by emitting IL or compiling procedurally generated C# code using the code-dom-compiler.
Simon Bridge 15-Jul-11 2:07am View
   
Deleted
I really wanted to do a comparative test, running 1000 instances of this version against the simple version.

Which version of the .NET framework are you using for this? I cannot compile it, "Expression does not contain a definition for Assign."

Also, can you explain how and why it works? I can gather that it builds a map to speed up the resolution of the property-info to data-row relationship, but beyond that I am lost without comments.
Simon Bridge 15-Jul-11 2:04am View
   
Deleted
Reason for my vote of 3
This does not even compile... which version of the framework are you using? You do not specify. Also, it just does exactly the same thing in a much more complicated and harder to understand fashion, by generating a lookup map to speed up resolution of the property associations... which would only improve performance if you are loading more than one object of the same type - or am I wrong?
Simon Bridge 15-Jul-11 1:52am View
   
Deleted
I am very interested in how you would re-write this to be as fast as pre-specified hand written code. There is one enumerator and 2 conditions to test, with possibly a type conversion.. how do you make this more efficient?

Not that I have encountered any issues with performance using this approach.