1994-08-08 - amateur ciphers

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: cypherpunks@toad.com
Message Hash: 39f63c85b48a4a6b985f61c541bbf445154351d4728f73b045448c607b7fc2ff
Message ID: <9408081200.AA21156@snark.imsi.com>
Reply To: <199408080606.AA26364@xs4all.hacktic.nl>
UTC Datetime: 1994-08-08 12:00:38 UTC
Raw Date: Mon, 8 Aug 94 05:00:38 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Mon, 8 Aug 94 05:00:38 PDT
To: cypherpunks@toad.com
Subject: amateur ciphers
In-Reply-To: <199408080606.AA26364@xs4all.hacktic.nl>
Message-ID: <9408081200.AA21156@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain

an118@vox.hacktic.nl says:
> I saw an interesting post in sci.crypt last week about a particular cypher.
> I think it ws called "The Penknife Cypher" or something along those lines.
> I guess I have been so PGP oriented that i've sort of stuck my head in the
> sand and ignored other possibilities regarding encryption.
> ARE there any other good cypher's out there, suitable for e-mail usage?

The only really reasonable symmetric key ciphers out there in
publically described form these days are DES, 3-DES and IDEA. There
are a couple of things that may be okay, but which aren't out in the
public literature (RC2 and RC4), a couple of things that are likely
okay but which we are REALLY not going to find anything out about for
a while (Skipjack :-) and a couple of things that are promising (like
Coppersmith's new SEAL stream cipher, which looks quite interesting

Periodically, on sci.crypt and on this list, flakey people post their
latest bathtub cipher. Most of these are extremely poor. Sometimes
people post long dissertations on their new cipher, which last for
tens of pages full of what the authors imagine to be extremely
scholarly commentary. Sometimes these people get very angry that no
one is responding to their comments. Don't use these ciphers.

There are also people out there who are "talented amateurs" or
"experimenting professonals" who post experimental ciphers that
they've come up with that they know probably aren't that great but
which they discuss in public. These shouldn't be used, either, but
they are more interesting to look at.

Constructing a cipher which is actually safe for real use is a VERY
difficult thing. Most amateurs don't even know why their attempts are
silly looking. Don't assume that because something is posted to the
net that its safe to use.