From: Alan Olsen <alano@teleport.com>
Date: Sun, 3 Mar 1996 23:17:19 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptanalysis
Message-ID: <2.2.32.19960302065210.009574b4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:55 PM 2/29/96 -0800, Timothy C. May wrote:

>There are several places to look:

Thanks for the sources.  More money is going to get dumped into cryptobooks
soon.  (I am amazed how little exists on the web on the topic.) I had seen a
few of the books at a local bookstore, but I was uncertain of their quality.
(They also had a number of snake-oil crypto books.)

>However, these books are based on work done in WWII and the following
>decade(s), so the stuff is pretty dated. Still, nearly any "snake oil
>crypto" system, such as it sounds like your friend is building, will likely
>be far weaker than the ciphers the NSA was attacking back in the early
>days.

The author has failed to call me back.  I do have some serious concerns
about the code.  (There is not a single XOR used, except to clear
registers!)  I am starting to suspect that it is based on a mathematical
progression based on the numbers 40, 28, 36.  I need to spend a bit of time
on the code with a debugger to find out just where that segment of code is
located.  (Should not take too long...  Just have to make the time.)

>* The journal "Cryptologia" is largely devoted to amateur cryptanalysis.

The web info for back issues listed a web page from a publisher that had no
listing for them on the server.  I will be sending mail to get more info...

>>The Cyphernomicon has a couple of paragraphs, but nothing on
>>techniques or pointers to other references.  RSA's FAQ has
>>little to nothing as well. A web search turned up little
>>useful. Most of the other references I have found have been for
>>current cyphers, but next to nothing about breaking them.
>
>There are very good reasons to say little about "conventional
>cryptanalysis": it just doesn't matter much with modern ciphers, such as
>public key systems. Modern ciphers don't fall to conventional attacks based
>on word frequency, pattern analysis, etc.

Still an interesting topic...

>Your friend is on a hopeless task. If he doesn't understand just how
>hopeless it is to develop a homegrown, conventional cipher then he's
>certainly not likely to take the time to become a skilled amateur
>cryptanalyst.

I am trying to convince him of the futility of the task.  (It is hard as his
ego keeps getting in the way.)  I just want to give him reasons why it is
weak and not just glittering generalities.

Thanks again for the book references!
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.