[Petrushka]

Wow! Does this say that as long as key generation, key distribution, and message authentication are trivial, unbreakable cryptography is a cinch? What a shock, here I thought that all those billions of dollars of research and thousands upon thousands of man-hours devoted to the development of secure communications throughout the last three-thousand years meant that this is a difficult problem. Had all those people simply read this article, we wouldn't have had any sort of issue whatsoever...

Not only are the three problems I mentioned above the most serious open issues in cryptography, but the actual encryption of information might be the least difficult. As long as they are implemented correctly, and no one has some quantum or otherwise impossibly powerful computer lying around someplace that no one knows about (or has solved the Riemann Conjecture), then RSA, El Gamal, AES (w/ proper mode), Blowfish (ditto), and numerous others are unbreakable as well. In fact, with the lack of restrictions the author includes for what constitutes "unbreakable" cryptography, a one-time pad will also work just as well.

And yes, I do realize he gives mention to this at the bottom of the article, but it's still hilarious to title this "unbreakable" cryptography.

[ColinWright]

I agree that this is a really poor article, but the point underneath is that the OTP really is provably unbreakable given infinite resources. That can't be said of any of the others you mention.

I think your level of scorn is justified, but the target is misplaced, and your tone is unconstructive.

[Petrushka]

I'll agree I could be a little less demeaning. The point is though that cryptography more then anything else is about its practicality, and so by ignoring the difficult parts of it you render any statement you make pointless. Also, although you are correct about noting that under infinite resources RSA et al is breakable, again, practicality. If it takes longer then the previous amount of time elapsed in the universe to break (assuming proper implementation etc.) then it is, for all intents and purposes, unbreakable.

[ColinWright]

Do you think that in an article aimed at students that's the right place to start? Side-channel attacks, timing attacks, differential analysis, weaknesses in key exchange, why padding is necessary, biases in pseudo-random number generation, etc, etc, etc ...

Or is it better to start with what crypto is, with key generation, encryption, decryption, then move on into the first level of complexity?

[betterunix]

For what it's worth, practical secure cryptosystems only exist under a number of assumptions that, thus far, have no proof. Commonly used public-key systems are in an even more precarious position: even if P!=NP, the RSA and discrete logarithm problems may still be computationally feasible (and thus RSA, Diffie-Hellman, and ElGamal would be insecure). Cryptography based on NP-hard problems is possible (e.g. Atjai's lattice system), but these remain research topics and have seen little real-world use.

The point is this: there is a lot we do not know about cryptography.

[bpolania]

XRDS Crossroads is a magazine blog for students, the article presents an actual topic explained for those interested, I think it targets an important part of Hacker News demography and it makes an excellent job in encouraging students to go ahead and develop their own crytographic solution, so I don't know what are you so angry about the article

[Petrushka]

I'm a student myself. Funny enough, some of us are actually intelligent and can handle complexity. To me, this is the equivalent of teaching military science by telling someone how to shoot a gun. Instead of trying to introduce someone into the field by showing them what questions the field is actually trying solve, you're introducing them into the field by showing them the small subset which those who have no interest in it assume constitutes the entirety of it.

How many mathematicians do you thing have read an article on cryptography, gotten really interested in it, and then realized the most important open question in it revolves around the computer equivalent of spotting a fake ID?

[bpolania]

The article explains an implementation of a Vernam Cipher, it's not intended to solve the most important questions in cryptography.

I don't understand how "introduce someone into the field by showing them what questions the field is actually trying solve" could do any good, it's like saying that the first subject in Physics 101 should be the unified field theory instead of Newtonian physics.

[betterunix]

"the most important open question in it revolves around the computer equivalent of spotting a fake ID"

I am pretty sure the most important open question in cryptography is whether or not one-way functions exist...

[JVIDEL]

I agree partially and really this wouldn't be a bad article at all if it wasn't for the link-bait title they used.