2. Hmmmm. Tough one. I don't like algorithmic approach we sometimes take. For instance, DES is an algorithm, and learning to perform it is like learning how to take a derivative. It's useful, and particularly involved, but I don't feel like I'm gaining an insight into why the algorithm works, in the sense that XORing and (mod 2) arithmetic have specific meanings and properties related to information and such, but I feel like we're assuming it just obfuscates the data, which means we very easily could fall into the trap of constructing an encryption system with some elementary attack vectors. I don't know what the long term goals are for the curriculum. My feedback is based on the assumption that we learn about and analyze possible attack vectors and can prove that certain aspects of a given cryptosystem (even a self-concocted one) are secure. All of that said, I like the theory and I like the demonstration of certain cryptosystems' weaknesses.
3. I would like a term project where we create our own cryptosystem (in groups maybe) and "publish" the algorithm for the class. We then analyze other groups algorithms and see if we can find a way to break the cryptosystem without resorting to a full-on brute force attack. There could be restrictions on key length or something so that a brute force attack was possible, to aid in finding another way to break it. I think this would be a good way to be honest with ourselves in the creation of an information security system and get a tiny bit of an independent research experience.
No comments:
Post a Comment