cryptography

N. Andrew Walsh n.andrew.walsh at gmail.com
Fri Apr 3 14:04:11 CEST 2020 

Dear Johannes,

Thank you for your message.


On Fri, 3 Apr 2020, 13:29 Johannes Hielscher <jhielscher at posteo.de> wrote:

>
>
> youllprobablyhavenoticedthatrestrictingtotwentysixlettersmightalreadybeq
> uitedifficulttodealwith. But the algorithm does not rely on the alphabet
> having exactly 26 letters. Either squeeze a “Base26” encoding in
> between, or increase your deck size to include happy things like spaces,
> punctuation, capital letters, numbers, \, {, }, *, #, …
>

Come to think of it, a tarot deck has 78 cards, but I'm not sure what the
encoding would be (and it only has one "joker": The Fool).


> Also let me quote the wobsite you referred to: “Since its creation,
> analysis has revealed flaws in the cipher. It is now considered
> insecure.”
> It's your decision to long-term rely on such algorithms. Paper doesn't
> blush.
>

Fair point. Following advice from the list, I wrote Schneier directly.
You're probably correct below, that this might not ve the appropriate venue
for this question.


>
> However, it is not entirely clear if you want the typesetting system to
> allocate syntactic structural information (page/footnote numbering etc.)
>

At this point im thinking that page numbers can be manages by treating the
encrypted text as an embedded multipage pdf, and then fixing footnote
numbers from the output before encryption.

>
> You aim on having references to the encrypted sub-document within the
> human-readable portion of the document? Besides being bad style, this
> also reveals (meta)information on what is encrypted, hence weakens the
> encryption level.
>

The references are purely numerical (as in "see note X") so they don't
expose any additional info beyond what's already exposed by continuous
numbering.

If you want your document to be fundamentally safe against crypto
> attacks, I recommend to resort to well-proven techniques like EBCDIC.
>

I'll look it up. Thanks for the tip!


> Maybe. I'm just unsure if a list for infrastructure organisation on
> typographical nitpicking is the best place to find it.
>

Indeed. But you've already given some good tips. I figured the overlap
between typography and cryptology enthusiasts would be nonzero. Thanks.

>
> > Thanks for the help,
> >
> > A
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/tex-live/attachments/20200403/31e6af7a/attachment.html>

More information about the tex-live mailing list.