From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 25 Oct 95 11:14:27 PDT
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Reformated: How secure....
In-Reply-To: <199510251759.NAA26251@universe.digex.net>
Message-ID: <199510251814.OAA09113@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Scott Brickner writes:
> "Perry E. Metzger" writes:
> >Amateurs pretending that they are professionals going out and selling
> >snake-oil crypto are one of the biggest threats in our business.
> 
> and then...
> 
> >I suspect it would take a real cryptographer very little effort to
> >break your system, but that no one will bother doing so because it
> >isn't really worth anyone's time.
> 
> Well, Perry, if it's really such a threat, isn't it worth someone's
> time to combat it?
> 
> Wasn't that point driven home by the Netscape PRNG problems?

Netscape is in wide use. If a substantial number of people bothered to
use the Privsoft, then it might be worth breaking it. As it stands, I
don't think its worth my while. Maybe someone out there wants to
bother to do it as an exercise. It unfortunately has a bit of added
complexity because you have to learn a bit about image statistics in
order to do a good job of segregating the images, but it also looks
like you might be able to use multiple anagramming to get a nice
handle on the thing so your statistics don't have to be particularly
good.

Perry