1996-02-23 - Re: A Challenge (perhaps!)

Header Data

From: hoz@univel.telescan.com (rick hoselton)
To: cypherpunks@toad.com
Message Hash: 8c6f40fe475eb054c04651a56cacd5dc8568707408dc5030052c1e4ddccdf89a
Message ID: <9602231402.AA09643@toad.com>
Reply To: N/A
UTC Datetime: 1996-02-23 14:19:16 UTC
Raw Date: Fri, 23 Feb 1996 22:19:16 +0800

Raw message

From: hoz@univel.telescan.com (rick hoselton)
Date: Fri, 23 Feb 1996 22:19:16 +0800
To: cypherpunks@toad.com
Subject: Re: A Challenge (perhaps!)
Message-ID: <9602231402.AA09643@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:

> > >I know it doesn't exercise key technology and relies on the secrecy of the
> > >algorithm (which from my very limited knowledge on cryptography I think makes
> > >it almost doomed from the start (?))...

>The way I like to think of such a scheme is to consider the secret
>algorithm itself to be the key, ....

This seems to me to be a perfectly valid point of view.  

One absolute requirement of any decent cryptosystem is 
that weak keys be vanishingly rare.  This can be done if 
almost all keys are strong or if a simple procedure can be 
found to identify and eliminate weak keys.  

Another absolute requirement is the ability to change keys.

It is also useful to be able to negotiate keys using 
procedures like Diffie-Hellman key exchange.

Your suggested viewpoint shows very clearly why systems that 
depend on a secret algorithm are often quite bad.

If you have the resources to adequately evaluate an algorithm 
yourself (like the NSA does), you might gain some security by 
keeping your algorithm secret.  Even then, you would want 
a system that allowed you to change effectively.  My personal 
guess is that an algorithm that can generate novel, secure 
ciphers is beyond the power of any human agency, and will be 
for a long time.  

Incidentally, since the "original poster's friend" knows the algorithm, 
and every person that ever uses this cipher will have a copy of it, 
why should I trust this cipher?  None of the other users know me, so 
they should never let me hack^h^hve a copy.  So, even if they have found 
a secure system (which experience says is very doubtful), I couldn't 
possibly have any interest in it.

Rick F. Hoselton  (who doesn't claim to present opinions for others)
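The three requirements Rick lists above (weak keys must be rare or filterable, keys must be changeable, and keys should be negotiable with something like Diffie-Hellman) can be seen together in a small Diffie-Hellman exchange. This is an added illustration, not code from the poster or the list; the safe prime p = 2039 (q = 1019) and generator g = 4 are constructed toy parameters chosen for readability, not a group anyone should deploy.

```python
import secrets

# Constructed toy parameters: p is a small safe prime (p = 2q + 1), so the
# squares mod p form a subgroup of prime order q; g = 4 is a square, hence
# generates that subgroup. A real deployment uses a 2048-bit group or larger.
P = 2039
Q = (P - 1) // 2
G = 4

def is_prime(n: int) -> bool:
    """Trial division, adequate for the toy-sized parameters used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def check_group() -> None:
    """Sanity-check the public parameters before using them."""
    assert is_prime(P) and is_prime(Q) and P == 2 * Q + 1, "p must be a safe prime"
    assert 1 < G < P - 1 and pow(G, Q, P) == 1, "g must generate the order-q subgroup"

def public_value_is_weak(y: int) -> bool:
    """The 'identify and eliminate weak keys' step: reject peer values that
    collapse the shared secret into a tiny set (0, 1, p-1 have order 1 or 2)
    and anything outside the order-q subgroup."""
    if y <= 1 or y >= P - 1:
        return True
    return pow(y, Q, P) != 1

def keygen() -> tuple[int, int]:
    """A fresh ephemeral key pair on every call, so keys can be changed at will."""
    x = secrets.randbelow(Q - 2) + 2   # private exponent in [2, q-1]
    return x, pow(G, x, P)

def shared_secret(x: int, peer_public: int) -> int:
    """Derive the shared secret only after the peer's value passes the filter."""
    if public_value_is_weak(peer_public):
        raise ValueError("peer public value rejected as weak")
    return pow(peer_public, x, P)

def exchange() -> tuple[int, int]:
    """Run one two-party negotiation and return the secret each side computed."""
    check_group()
    a, pub_a = keygen()
    b, pub_b = keygen()
    return shared_secret(a, pub_b), shared_secret(b, pub_a)
```

Both sides arrive at the same secret, and any run that is handed 1 or p-1 as a peer value is refused instead of silently producing a predictable key.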
