From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 3 Mar 1996 03:26:06 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptoanalysis
Message-ID: <960302132805.20201e1e@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>(I am amazed how little exists on the web on the topic.) I had seen a
>few of the books at a local bookstore, but I was uncertain of their quality.
>(They also had a number of snake-oil crypto books.)

Well, as soon as people can charge a cyber-dime/quarter/or buck to read/
download you will see a change. Most authors make little (like $1.00/copy)
from book sales so if made cheap enough so that is easier to download than 
pirate you will see a big change.


>The author has failed to call me back.  I do have some serious concerns
>about the code.  (There is not a single XOR used, except to clear
>registers!) 

Why bother (kind like reinventing ASCII), we have good, proven crypto
algorithms, some even in public domain. Is easy to code. Hard part is
making it fast and easy & available anywhere (what I like about the 
PGP enclyptor). Another hard part is good key management. Like computer
viruses in which there is nothing interesting about the propagation (what
makes a virus a virus), the crypto part is a done deal, have had good
stuff for years.

> I am starting to suspect that it is based on a mathematical
>progression based on the numbers 40, 28, 36.

Ah yes, being hearing impaired I always wanted a watch that would poke. My
1968 Seiko "Bellmatic" is close - ringing the bell makes it vibrate.


>I am trying to convince him of the futility of the task.  (It is hard as his
>ego keeps getting in the way.)  I just want to give him reasons why it is
>weak and not just glittering generalities.

Not futile, just already done. Should concentrate on things that are
"impossible" 8*).

						Warmly,
							Padgett