From: Bruce Schneier <schneier@counterpane.com>
To: cypherpunks@toad.com
Message Hash: d631e02e621d8b3bbf4ab9cfce374235d78163be51ab6e06533fd6c23ffa421c
Message ID: <v03007809b069aa614195@[209.98.13.239]>
Reply To: <199710141958.MAA22050@k2.brigadoon.com>
UTC Datetime: 1997-10-14 23:28:56 UTC
Raw Date: Wed, 15 Oct 1997 07:28:56 +0800
From: Bruce Schneier <schneier@counterpane.com>
Date: Wed, 15 Oct 1997 07:28:56 +0800
To: cypherpunks@toad.com
Subject: Re: Encyrption Program
In-Reply-To: <199710141958.MAA22050@k2.brigadoon.com>
Message-ID: <v03007809b069aa614195@[209.98.13.239]>
MIME-Version: 1.0
Content-Type: text/plain
At 3:58 PM -0500 10/14/97, semprini@theschool.com wrote:
>This is in response to the several posts regarding the assumed
>weakness in the program I wrote:
>
> While it is true that PRNG's are not very good, because of the
>inherent lattice structure, I believe I found a way around that
>problem. To work around the lattice problem, I used a systm of cubic
>arrays. The program first creates sixteen cubic arrays, and fills
>them one space at a time with random characters. When the stream of
>characters to be XORed with the plaintext is generated, it picks a
>random cube and a random location with that cube. The resulting
>"random" character is then XORed with the appropriate character of
>the plaintext. If someone can prove to me that this method is stupid
>or easily breakable, I would actually be happy. So, those of you bent
>on proving that I'm wrong, I heartily encourage you to do so. As I
>mentioned before, you can download both the compiled version *and*
>the source at "http://www.brigadoon.com/~semprini/3dmx". If you are
>having trouble reaching that site, e-mail me and I will send you a
>copy via e-mail.
Good luck, but be aware that you won't get much free analysis. In
general, algorithms that aren't published don't get looked at very
carefully (mostly because there's no real upside in doing so--at least
if the algorithm is published you can get a paper out of a break).
You might have more luck if you posted the algorthm (not in source
code, but in a mathematical description) along with a comprehensive
analysis of its security against existing attacks. (There is a lot
of published research on the analysis of stream ciphers, although the
field is much less well-studied than block cipher analysis.) Good
security arguments, proofs even, will make more people interested.
Cheers,
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN 55419 Fax: 612-823-1590
http://www.counterpane.com
Return to October 1997
Return to “semprini@theschool.com”