
Alice strikes back against Bob's 'reverse dictionary' - jgrahamc
http://blog.jgc.org/2013/04/alice-strikes-back-against-bobs-reverse.html
======
kerneis
This example is unfortunately somewhat broken: the 'salt' in that case does
not yield an exponential but only linear increase of the number of
dictionaries.

Contrary to what the post says, it is not necessary to compute the 3,125
possible orders. Only 5 reverse dictionaries are enough, with reverse(n, w) =
"the set of definitions the nth word of which is w". Then, iterate the reverse
lookup following backwards the provided salt.

It makes the attack much more tractable, in particular since the length of
definitions is bounded (you know how many dictionaries you need to compute).

~~~
jgrahamc
True. I'll add a PS pointing to this comment and set it as an exercise for the
reader that it would be possible to reduce the number of dictionaries.

------
danso
What I like about these solutions is that they give proper discussion to
_implementation_ , not just the theory behind the encryption. It wasn't
initially clear to me why salts were stored out in the open and when they were
brought into the actual encryption process but this is a very clear
explanation.

------
kamakazizuru
this series of articles has been brilliant so far! it takes a relatively
obscure concept that people dont always know / understand (even surprisingly
many within the hacker world) - and makes it so simple to understand! great
job - I wish people with skills like yours taught at university!

~~~
silverbax88
Reading these articles, I already implemented salts in my code, but I never
realized that I have been implementing them incorrectly.

~~~
SoftwareMaven
Which is why crypto should be left to reviewed experts. It is painfully easy
to get wrong, and when you get it wrong, the result is usually a crack able
system.

~~~
silverbax88
I'm not doing custom encryption. I'm not sure why you would think that.

------
darxius
I've loved these blog posts so far -- they're a great intro to cryptography
and force me to think simply.

I'm excited to hear what Carla has to offer!

~~~
viggity
fwiw, my crypto/security classes in college all referred to "Charlie" as a
third party :)

<http://en.wikipedia.org/wiki/Alice_and_Bob>

------
srathi
Surprisingly simple explanations of tricky cryptographic concepts. Thanks a
lot!

