
Re: Complexity not a dominant strategy for independant deployment

1997-11-24 18:52:04

Ian Grigg <iang(_at_)systemics(_dot_)com> writes:
> Hal Finney wrote in "Re: hand huffman encoding at PGP world HQ:"
>
> > It is true that Phil Zimmermann has been the chief advocate of making
> > PGP data structures as concise as possible.  (I don't know whether Jon
> > actually goes around the office singing songs about it or not.)  Phil is
> > out of the country now so I will try to relay some of his thinking.
> >
> > First, the difficulty is really not as large as people are making out.
>
> Well, I have to disagree on that.  The difficulty is high.  I recall the
> swearing going on when each one of the infamous bit twiddles was finally
> debugged out of the Cryptix code - not pleasant to be on the same
> mailgroup as that discussing yet another PGP furfy.

I found the non-standard CFB mode consumed more time than the LOL
twiddling (spent a bit of time with two gdb's up to get that one
working).  Not tackled the rest of the bit twiddling to date, nor the
WoT and revocation semantics.  (I only coded the PRZ style CFB and LOL
bit twiddling as an extra confidence test that my app was doing
something sensible with its vanilla IDEA and 32 bit ints).

Really I am an oddity in this discussion.  I am a hand huffman
encoding freak if ever there was one.  But at the same time there is
another side: mostly I code optimised for clarity and simplicity.
Perhaps it's just my freakish optimisation for amusement tendencies
coming out again, but I actually went over and reimplemented 3 or 4
times optimising for simplicity my SHA1 implementation.  Same thing
for IDEA, and MD5.  (Note not for speed -- for clarity, speed was
secondary concern).

Now it seemed to me that aside from the enjoyment found in the
optimisation to simplify, simplicity is a valuable feature of crypto
coding -- firstly it reduces scope for errors, and secondly it enables
others to more easily read the code and get confidence that they
understand it.

The same thing could be said for the standard, as Ian was arguing.
The simpler the better.

Now this is amusing from my point of view, because as soon as Hal
talks about the challenge of using the serendipity of 160 bit DSS
sigs, I get the urge to join in and figure out ways to save a few more
bytes :-)

Now officially an EAR violation...
Have *you* exported RSA today? -->

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>