1993-06-03 - Re: snake oil

Header Data

From: “Perry E. Metzger” <pmetzger@lehman.com>
To: Nickey MacDonald <i6t4@jupiter.sun.csd.unb.ca>
Message Hash: f246de2c80f614cc37b2b9bf029ab30cd4e17a347067e645888fb39bb2c05808
Message ID: <9306032354.AA12581@snark.shearson.com>
Reply To: <Pine.3.05.9306031942.B29415-a100000@jupiter>
UTC Datetime: 1993-06-03 23:55:05 UTC
Raw Date: Thu, 3 Jun 93 16:55:05 PDT

Raw message

From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Thu, 3 Jun 93 16:55:05 PDT
To: Nickey MacDonald <i6t4@jupiter.sun.csd.unb.ca>
Subject: Re: snake oil
In-Reply-To: <Pine.3.05.9306031942.B29415-a100000@jupiter>
Message-ID: <9306032354.AA12581@snark.shearson.com>
MIME-Version: 1.0
Content-Type: text/plain

Nickey MacDonald says:
> This raises a question...  I don't think this has been addressed yet (I
> am a bit behind in my mail) and might be worthwhile putting in the FAQ...
> If I just dreamed up a new gee whiz "new" cypher, should I post it to the
> list for comments, or is this frowned on?  (As it happens, I happen to
> have what I **think** is a new approach to cyphering, and the answer to this
> question will determine wheter anyone hears about it or not...)

My suggestion is this.

Its perfectly appropriate to post the cypher to the list PROVIDED you
take the right attitude, which is to say something like:

"The following is something I just thought up. I'm not a pro, and I
worry that this thing has holes. Anyone care to give me hints on what
they might be?"

My objection has never been to people developing new cypher systems.
Its always been to people claiming, in the absense of very strong
attempts to break their system, that their system is secure. Provided
you aren't trying to encourage people to use a new system you are
developing, what harm can discussing it possibly do? On the other
hand, great harm can be caused by fools pushing systems they have
designed in the absense of expertise -- that was specifically the sort
of objection I had to the whole "Dolphin Encrypt" thing.

Sci.crypt is likely a better place to post a query about a new cypher,
of course.

> Is there a comprehensive list of short "already been done" types of
> cyphers?  (Whether failed or "still" succesful.)  A good book?

I would suggest looking in the sci.crypt FAQ -- its got lots of good
intro material and reading lists.