From: hoz@univel.telescan.com (rick hoselton)
To: cypherpunks@toad.com
Message Hash: 8c6f40fe475eb054c04651a56cacd5dc8568707408dc5030052c1e4ddccdf89a
Message ID: <9602231402.AA09643@toad.com>
Reply To: N/A
UTC Datetime: 1996-02-23 14:19:16 UTC
Raw Date: Fri, 23 Feb 1996 22:19:16 +0800
From: hoz@univel.telescan.com (rick hoselton)
Date: Fri, 23 Feb 1996 22:19:16 +0800
To: cypherpunks@toad.com
Subject: Re: A Challenge (perhaps!)
Message-ID: <9602231402.AA09643@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
Mike McNally writes:
> > >I know it doesn't exercise key technology and relies on the secrecy of the
> > >algorithm (which from my very limited knowledge on cryptography I think
makes
> > >it almost doomed from the start (?))...
>The way I like to think of such a scheme is to consider the secret
>algorithm itself to be the key, ....
This seems to me to be a perfectly valid point of view.
One absolute requirement of any decent cryptosystem is
that weak keys be vanishingly rare. This can be done if
almost all keys are strong or if a simple procedure can be
found to identify and eliminate weak keys.
Another absolute requirement is the ability to change keys.
It is also useful to be able to negotiate keys using
procedures like Diffie-Helman key exchange.
Your suggested viewpoint shows very clearly why systems that
depend on secret algorithm are often quite bad.
If you have the resources to adequately evaluate an algorithm
yourself, (like the NSA does) you might gain some security by
keeping your algorithm secret. Even then, you would want
a system that allowed you to change effectively. My personal
guess is that an algorithm that can generate novel, secure
ciphers is beyond the power of any human agency, and will be
for a long time.
Incidentally, since the "original poster's friend" knows the algorithm,
and every person that ever uses this cipher will have a copy of it,
why should I trust this cipher? None of the other users know me, so
they should never let me hack^h^hve a copy. So, even if they have found
a secure system, (which experience says is very doubtful) I couldn't
possibly have any interest in it.
Rick F. Hoselton (who doesn't claim to present opinions for others)
Return to February 1996
Return to “hoz@univel.telescan.com (rick hoselton)”
1996-02-23 (Fri, 23 Feb 1996 22:19:16 +0800) - Re: A Challenge (perhaps!) - hoz@univel.telescan.com (rick hoselton)