Sunday, June 5, 2011

PERSEUS Principles


A few recent comments seem to prove that people speak a lot about Perseus without a clear knowledge of what it is and claim that the mathematical principles are not neither known nor published. Well. This is not the case (otherwise the challenge would not be fair and would not comply to Kerckhoffs' laws).
Here are the main technical data (published for more than one year):
Moreover the industrial support and development (secure implementations for example) is provided by DFT Technologies.

Due to some misunderstanding about the challenge conditions and the fact that no binaries are provided (we wish to make the concept to be tested/evaluated and not a particular implementation), we have just issued a new version of the PERSEUS Lib which uses random generation by means of the /dev/random primitives (in your application just remind that /dev/random is a blocking device and the kernel will have to be helped eventually during the encoder generation).

Of course, that does not affect the conditions and validity of the challenge but we just want to calm down and take into account some wise comments and feedbacks (and we need constructive feedbacks all the time). Once again the use of rand() was far from being optimal (we plead guilty since we were aware of this weakness and even exploit it in the past) but by laziness or lack of care we concentrated on the concept rather on the security of the implementation. Now it is fixed as well as the x00 bug (that was relevant for the python version only). We hope that now people will concentrate on the concept security itself. The PERSEUS concept can be very useful to many people as confirmed by many feedbacks.

For people who use personal attacks against my work, I will not make any comment. They do not deserve it. They have just to keep in mind that it is far easier to criticize than taking risks by fighting in the arena, trying to make security progress. and proposing new trends in data security. For those who pointed out our lack of care with the rand() primitive, well they were right so thanks to them. They did their job.

Now let us go ahead.