Comments by Simon Bridge (Top 16 by date)

It is pretty hard to work out from your question, however this did occur:

If you don't want to iterate through a million employee records, have you considered adding a where-clause to the select command? or a TOP 1000 even? because your Employee class is about as light-weight as it is possible to be, and I'm not sure moving the declaration of the 'emps' list would make any difference.

Also, you don't even understand how encryption works if you don't think hashes are involved in decryption. Yes, a hash is a one way function and by itself is neither encryption nor decryption, but when you use a hash to derive part of a symmetric key sequence, you use the same hash computation in the encryption pass as you do for the decryption pass. When you use a hash to sign a digest, you must regenerate the same hash to validate it.

I explained why I asked the question - as part of my due diligence, in case someone had some ideas I had never thought of. I'm not so arrogant to believe I know everything about everything.

I actually don't want your help on this at all since you seem to lack sufficient written English to be able to understand what the question is or clearly explain your answer, and you immediately resort to snide smug remarks and can't support anything you say with references, facts or even a cogent argument.

I mean, really, as a reply to a comment I spent a very long time writing and trying to keep fair and neutral, your response is: "to be brief, I disagree with all your item" - so, you either don't even understand the concept of pluralisation, or you couldn't be bothered typing the "s" - get off your high horse.

If I could block you from answering or commenting on any question comment or article I submit, - I would.

I have improved the question I hope since you posted this.

I am struggling a little to work out what you are trying to say, please bear with me:

You said:
"Please pay attention that the question title "How do I prove an encryption algorithm" is in the striking contradiction with "I don't actually want to prove the algorithm..." I'm not sure if you have any explanation of this contradiction even now."

My Explanation: (so you can be sure I have one)
I appreciate your point, and I have changed the title, however: I don't believe it's a contradiction to want to know how something is done, so you can explain it to someone else, without actually doing it. I explained I was writing an article, and that I wanted to know how 'something' (it doesn't matter what) was done so I could explain it in the article, so I asked the question "how do I do this thing" - there is no contradiction there.

You said: "Let me also note that your title mentions encryption. "Cryptographic algorithm" does not have to be "encryption". In your comment you mention SHA-512 and hash tables, which is not related to encryption."

I am going to assume you are not just splitting hairs on the definitions of "Encryption, Decryption and Cryptography" (which would be small and petty)

The common term here is "crypto" which comes from the Latin for "hidden" - here is a link to the Wikipedia page on "Cryptographic Hash Functions" Cryptographic Hash Functions - I don't take everything written on Wikipedia as gospel, but clearly hash functions are related to cryptography, encryption and decryption. In fact, all the hash implementations in .NET are in the System.Security.Cryptography namespace.

You said:
"As a result, it's quite hard to understand what you really trying to achieve. You last comment only makes thinks looking as everything is messed up. I really cannot understand what you are trying to discuss. As to you 1-2-2-3 items... (sigh...) — do be serious.

Your "As for the one-way-algorithm, why on earth would I reinvent the wheel there..?" is weird, to tell the least. How are you asking? How suggested anything you would need to do? You are the one who put forward the initial, you are the only one who know what you would do or would not."

I'm sorry I just can't work this statement out. What are "1-2-2-3 items", and why are you sighing? what was I not serious about? Are you actually trying to say that I am the one not making sense?
[EDIT]
I just realized I doubled up the 2 in my dot-points, that's what you meant by 1-2-2-3 items, but I was being serious: you don't think that clear, easy to read code is more valuable than code that makes sense to nothing but the compiler?

You posted: " particular, such fundamental hypothesis as existing of one-way function is not yet proven: https://en.wikipedia.org/wiki/One-way_function#Theoretical_implications_of_one-way_functions...
"
I think you were trying to say that despite the existence of lots of functions that are very difficult to invert, no one has yet proven that there is such a thing as a truly one way function. It's a bit like the debate on altruism. I agree, I think.

You said:
"
And I think it's needless to explain that any help would be impossible without very basic thing: knowing your algorithm in all the detail."

I don't think it is necessary for you to know the exact implementation of one specific algorithm, to explain the basic steps required to prove any algorithm. This is a simple case of abstraction that any developer should be able to grasp easily.

Hi Sergey,

You seem to have missed my point. Did you not read the question? or did I state it poorly?

I don't actually want to prove the algorithm, I just want to be able to explain to readers what would be involved in proving one, and as part of my due diligence, I thought I would be valuable to get some input from the community at large before launching with what I already know.

I'm not so naive as to believe that I could develop a cryptographically secure algorithm during my lunch hour, however I have built an example that covers the basics. The idea is to explain the basic internal workings of a cryptographic system that:
1) doesn't require a degree in pure mathematics to understand.
2) is coded clearly using modern coding practices, without any unsafe code or overuse of bitwise operators.
2) doesn't require you to try and work out the awful mess of code that I have seen in every published implementation I can find...(I think cryptographers - they actually write obfuscated code by hand)
3) introduces the concepts of hash-tables, cipher-block-chaining, initialization vectors, symmetrical transforms, etc in a way that can be understood by a developer.

As for the one-way-algorithm, why on earth would I reinvent the wheel there, when I can use any of the implementations already in .NET? I'm not proposing a new one-way algorithm, I use SHA-512 as the one-way-function. We could debate whether there is actually such a thing as a one way function, since computer systems are intrinsically deterministic and therefore cannot actually add entropy, but that's way off topic.
I was considering generating a challenge like this one:

http://web.mit.edu/kenta/www/three/aes/challenge.html

I know it's not proof, but there is some value to it.

You have to assume that your potential attackers have full access to the software and the source code when building a secure system. Especially when developing in .NET