1993-06-04 - Re: snake oil (Posting ciphers to the list)

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 90fa4d5270cbaca55e0e36c5b11b674832649db4900090d9c9ddfdd123549700
Message ID: <9306040840.AA29946@netcom3.netcom.com>
Reply To: <9306032354.AA12581@snark.shearson.com>
UTC Datetime: 1993-06-04 08:39:37 UTC
Raw Date: Fri, 4 Jun 93 01:39:37 PDT

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Fri, 4 Jun 93 01:39:37 PDT
To: cypherpunks@toad.com
Subject: Re: snake oil (Posting ciphers to the list)
In-Reply-To: <9306032354.AA12581@snark.shearson.com>
Message-ID: <9306040840.AA29946@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

Perry Metzger writes on the matter of posting newly-invented ciphers
to the Cypherpunks list:

> My suggestion is this.
> It's perfectly appropriate to post the cypher to the list PROVIDED you
> take the right attitude, which is to say something like:
> "The following is something I just thought up. I'm not a pro, and I
> worry that this thing has holes. Anyone care to give me hints on what
> they might be?"

Good advice! Some hubris might pique the interest of readers.

> Sci.crypt is likely a better place to post a query about a new cypher,
> of course.

Yes, except that they for the most part hate it when folks post "I
dare you to break my new cipher" messages. Understandably so, for the
reasons Perry gave (smugness, etc.) and also because:

a. usually not enough ciphertext can be posted to allow a reasonable

b. the odds of a newbie inventing something really new are slim (yes,
it _may_ happen, but it's not likely)

c. people have better things to do than spend hours or days trying to
break a system which has these problems (and may just be deliberate

(Cryptanalysis is economics, as some folks like to say. If a message
is important, or a particular cryptosystem has passed some initial
tests--such as the algorithm being published, the basic mathematics
presented as plausible, etc.--then more effort can be justified. But
not on Joe Cipher's latest effort.)

(this quote is from Nicky M.)

> > Is there a comprehensive list of short "already been done" types of
> > cyphers?  (Whether failed or "still" successful.)  A good book?

Kahn's "The Codebreakers" for a historical perspective, the various
crypto books referred to here for mathematical background (Denning,
Brassard, Salomaa, Simmons, Patterson, etc.), and "Cryptologia" for
insights into amateur cryptanalysis and cipher-building.

Be aware that most amateurs--and I hardly speak from experience, just
reading of the literature--end up reinventing the old _types_ of
ciphers....the new ones, with s-boxes, or based on hard math problems
(like RSA), typically require a lot of background in math.

Hope this helps, and hope this eases any hard feelings folks may have
when their Super Duper Encrypter is not analyzed by a dozen
Cypherpunks. Or even one.

-Tim May 

Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.