Category talk:Broken block ciphers

Criteria for the subcategories

 * [Moved from my talk page -- intgr [talk] 21:51, 24 August 2009 (UTC)]

What criteria are you using for inclusion in Category:Broken cryptography algorithms and subcats? I think it's clear that KN-Cipher belongs in Category:Broken block ciphers, but there is no published cryptanalysis of BassOmatic, and making Category:Advanced Encryption Standard a subcat of Category:Broken block ciphers seems inappropriate. Most any cryptographic primitive that's been studied in the public community will have some certificational weakness; but the true situation is more subtle than an all-or-nothing "broken" designation would imply. Ntsimp (talk) 21:15, 24 August 2009 (UTC)


 * Published research is a fair one to go by. Faster than brute force attacks are how the cryptography community defines "broken" for symmetric algorithms — as far as I can tell. As for AES, given that there's a related-key attack against AES-256 in 2^119 time, I think it fits the definition of "broken" even if it's not a practical attack.
 * BassOmatic is an exception; based on personal accounts from Zimmermann, I think it's fair to conclude that the cipher must have been a pretty bad one. -- intgr [talk] 21:38, 24 August 2009 (UTC)


 * Is your adoption of the category a sign of agreement? I'm open to discussion, I was just stating my rationale. -- intgr [talk] 03:12, 25 August 2009 (UTC)


 * I honestly haven't made up my mind yet. I really don't like calling AES "broken", making it seem somehow weaker than a stupid amateur cipher that's notable enough for an article but has no published attacks. Some of the ciphers like Nimbus are no-brainers, but many of these algorithms have no known practical cryptanalysis. On the other hand, any arbitrary line we could draw would be WP:OR. So for now I'm not sure; I was just populating the category since it exists. Ntsimp (talk) 03:41, 25 August 2009 (UTC)

In any case, once there is some consensus, the Category page should state the criteria. I notice that Triple DES has been added. I'm not sure that's appropriate - according to SP 800-67, NIST thinks Triple DES is good until 3030. Mitch Ames (talk) 11:59, 26 August 2009 (UTC)
 * I'm the one who added Triple DES, and I'm not sure it's appropriate either. But it fits intgr's criteria; there are attacks faster than brute force. Ntsimp (talk) 12:35, 26 August 2009 (UTC)