From: "Perry E. Metzger" <pmetzger@lehman.com>
To: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Message Hash: b304ed02fdcd0c95ea35799a69642eb118a0cfceb70e783d538c81db833abbbd
Message ID: <9402272147.AA05304@andria.lehman.com>
Reply To: <MhQF3mK00awVM_vEcT@andrew.cmu.edu>
UTC Datetime: 1994-02-27 21:48:05 UTC
Raw Date: Sun, 27 Feb 94 13:48:05 PST
Subject: Re: anonymous mail
Matthew J Ghio says:

> Karl Barrus wrote:
>
> > Well, you do have to be careful: a large number of keys doesn't
> > mean a cipher is hard to break, there may be a faster method
> > than brute force.
>
> Quite true! However, as I pointed out, I tried very hard to eliminate
> all such possibilities that would allow simplifying the key search
> process.

Matt, pardon my saying this, but you sound rather foolish. Did you,
for instance, deliberately make any attempt to prevent differential
cryptanalysis? Linear cryptanalysis? Related key attacks? Can you
define any of these? If the answer to any of these is "no" then you
probably aren't in a position to try to design a cryptosystem.

Frankly, I understand all the attacks and I wouldn't trust anything of
my own design -- maybe after letting Biham have a crack at it for a
couple of months I'd feel that I hadn't done anything obviously wrong
and after a year or two of seeing lots of people try to attack it and
fail I'd consider using it -- if there weren't other systems around
that I was more confident in.

Given how easy it is to code up an IDEA or mixed IDEA/DES multround
beast, I see no real advantage to trying to build my own, and lots of
disadvantages.

Perry
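Barrus's point that a large key space does not make a cipher hard to break is easy to demonstrate concretely. The following Python example is an illustration added to this archive page; it is not code from Perry, Matt, or anyone else in the thread. It builds a toy cipher with a 16-byte repeating XOR key (a 2^128 key space, well beyond exhaustive search), then recovers the whole key by letter-frequency scoring of each key position, trying at most 256 candidates per position. The plaintext, the key, and the assumption that the analyst already knows the key length are all constructed for the example; key-length estimation (for instance via the index of coincidence) is a standard extra step that is left out to keep the code short.

```python
"""Toy demonstration: a 2**128 key space that falls to statistics, not brute force.

Added example for the cypherpunks thread on home-grown ciphers; all values below
are constructed for illustration.
"""

# Approximate English letter frequencies in percent, with space as the most
# common symbol. Used to score how "English-like" a candidate decryption is.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0, "h": 6.1,
    "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7, "o": 7.5, "p": 1.9,
    "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8, "v": 0.98, "w": 2.4, "x": 0.15,
    "y": 2.0, "z": 0.074, " ": 13.0,
}

KEY_LEN = 16
# Constructed 16-byte key: 256**16 == 2**128 possible keys.
KEY = bytes.fromhex("3a9f1c77e2045bd8c61e9a4f0b7d2c55")

# Constructed English plaintext (lowercase, roughly 1000 bytes, about 60 per key column).
PLAINTEXT = (
    b"the security of a cipher is not measured by the number of possible keys alone. "
    b"a repeating key of sixteen bytes gives two to the power of one hundred and twenty "
    b"eight possibilities, far beyond any brute force search, yet the structure of the "
    b"cipher leaks the key through the statistics of the plaintext. every sixteenth byte "
    b"of the ciphertext is encrypted under the same key byte, so each of those columns is "
    b"a simple substitution that can be undone by counting how often each character "
    b"appears and comparing the counts with ordinary english. an attacker never tries "
    b"more than a few thousand candidate bytes in total, and the whole key falls out in "
    b"a fraction of a second. this is the point that experienced designers keep making: "
    b"a cipher has to resist analysis of its structure, not merely exhaustive search of "
    b"its key space, and the only way to gain confidence in a new design is to let other "
    b"people attack it for a long time before anyone relies on it."
)


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: byte i is XORed with key[i mod len(key)]."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))


decrypt = encrypt  # XOR is its own inverse


def key_space_size(key_len: int) -> int:
    """Number of keys an exhaustive search would have to try."""
    return 256 ** key_len


def candidates_tried(key_len: int) -> int:
    """Upper bound on candidate key bytes the statistical recovery tries."""
    return 256 * key_len


def english_score(data: bytes) -> float:
    """Sum of English frequencies for letters/spaces; penalize control and high bytes."""
    score = 0.0
    for b in data:
        c = chr(b)
        if c in ENGLISH_FREQ:
            score += ENGLISH_FREQ[c]
        elif b < 32 or b >= 127:
            score -= 20.0  # bytes that essentially never occur in plain English text
        # other printable characters (punctuation, digits, uppercase) are neutral
    return score


def recover_key(ciphertext: bytes, key_len: int) -> bytes:
    """Recover each key byte independently: every key position is a single-byte XOR
    over the bytes of its column, so 256 candidates per position suffice."""
    key = bytearray()
    for col in range(key_len):
        column = ciphertext[col::key_len]
        best = max(range(256), key=lambda k: english_score(bytes(b ^ k for b in column)))
        key.append(best)
    return bytes(key)


def demo() -> bytes:
    """Encrypt the sample text, recover the key from ciphertext alone, return it."""
    ciphertext = encrypt(PLAINTEXT, KEY)
    return recover_key(ciphertext, KEY_LEN)


if __name__ == "__main__":
    recovered = demo()
    print("key space:", key_space_size(KEY_LEN))
    print("candidates tried:", candidates_tried(KEY_LEN))
    print("recovered key matches:", recovered == KEY)
```

The gap between `key_space_size(16)` (2^128) and `candidates_tried(16)` (4096) is the whole argument: the key space is astronomically large, but the cipher's structure lets each key byte be attacked on its own, which is exactly the kind of "faster method than brute force" that a designer has to rule out and that only outside analysis over time tends to surface.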