[continued from previous message]   
      
   > What could be done to make Enigma harder to break?  First,   
   > faster changes to settings would make it harder to intercept   
   > enough messaage.  Second, initially machines started at the   
   > same position, later Germans modified this so the operator choose   
   > initial "position" (actually offset from preassigned position),   
   > send it in clear and used this position to encrypt the position   
   > used for main body to the massage.  This interferd with Polish   
   > method of setting equation system, after that change there   
   > were less information so finding postions were harder.   
   > I mentioned that Germans introduced extra rotors.  Two   
   > extra rotors increased number of possible rotor combinations   
   > 10 times, which means more effort to break machine, but that   
   > was relatively mild quantitative difference.  Changed   
   > operationg procedure added much more difficulty.  Completely   
   > eliminationg redundancy (not doubling info about initial   
   > position) would even more effective (IIUC Germans did something   
   > like this in 1943).   
   >   
   > Looking at machines using similar principle, one probably should   
   > make rotor movement much less regular than it was in Enigma.   
   > In particular in Enigma second and third rotor moved rarely.  But   
   > already Enigma was mechanically challenging compared to   
   > earlier attempts at similar machines.   
   >   
   > AFAICS Enigma is weaker than more modern system due to property that   
   > each character of encrypted message depends only on machine settings   
   > and corresponding character in plain text.  Moreover, switchboard   
   > is applied "from outside" in a way that leaks information allowing   
   > determining rotor positions independently from switchboard.   
   >   
   >>    Enigma was a GOOD scrambler.   
   >   
   > It was reasonably good scrambler.  But rotor part had too small   
   > number of positions to resist brute force attack.  And   
   > switchboard was much less effective than number of combinations   
   > would suggest.   
      
      "Brute force" wasn't as brute back then. Yer iPhone could   
      probably tear through it in minutes WHILE you watched a   
      NetFlix. 1940s though ...   
      
   >>    The USA did decode 'Purple', but it was not quite   
   >>    as good a code as with Enigma.   
   >>   
   >>    These days we can kind of just OVERPOWER 1940s   
   >>    ciphers ... but mostly it's just that, overpower,   
   >>    not so much in the realm of any General Solution.   
   >   
   > Actually, we are still quite far from abilty to brute force   
   > 108.39 bits keys (effective length of Enigma key), and internal   
   > connections of Enigma are worth about 400 bits (and more with   
   > additional rotors).  But we know that "know plaintext" attack   
   > can be quite effective at recovering keys.  And there are new   
   > statistical approaches, likely to break any cipher designed without   
   > knowledge of such an attack.   
      
      Some claim the integrity of a cipher can be fully   
      known via mathematical analysis. In real life though   
      we hear of some clever Jack finding unexpected ways   
      to 'cheat', either breaking or notably weakening   
      the cipher. Mathematical analysis is important   
      for, so to speak, separating the wheat from the chaff.   
      However it's not the FINAL word on a cipher.   
      
      Some 'AI', trained for the task, might be as clever   
      or much more clever than dear Jack in finding some   
      unrealized flaws.   
      
      Anyway, AES seems really really good. Camilla and IDEA   
      as well. Awhile back I wrote a backup pgm that would   
      pre-encrypt individual files ... like a server full ...   
      before sending them to cloud storage. AES was fast,   
      128 a bit faster than 256. Camilla is also fast. Tried   
      using PGP/GPG but the engine had to start up from scratch   
      and that made it useless for the 1-at-a-time approach (ok   
      for large zipped files though).   
      
      In the end, YOU have to decide what's "secure enough"   
      for your data. If you are a relative nobody then you   
      don't need really hard core encryption. If you manage   
      nuclear missile silos or billions/trillions of dollars   
      then you DO need diamond-hard encryption.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)