Michael Torrie <torr...@gmail.com> writes: > Furthermore you cannot prove a negative, which is what proving > security is for anything but the trivial case. Are you saying this is > untrue?
I've always thought that there are no two even numbers that when you add them together, give you an odd number. Are you saying that statement can't be proven? > But how does one prove a system is secure except by enumerating attack > vectors In the case of encryption, you do a reduction proof to a recognized primitive like AES. That is, you show that if your system is breakable, you can transform the break into a break against AES itself. That's the best you can do at the moment, because the open status of the P!=NP problem means that no one knows how to prove that any primitive (such as AES) is secure. The reduction proof means that the evidence for AES's security also applies to your system. Of course that's just for the cipher itself. For the entire surrounding software/hardware/process system which is mostly not mathematical, you're right, there's no way to (mathematically) prove security or even to define it. -- https://mail.python.org/mailman/listinfo/python-list