Date: Thu, 27 May 1993 11:33:06 -0400
From: "Perry E. Metzger" <lehman.com!pmetzger@cactus.org>
meyer says:
Perry Metzger writes:
Correct me if I'm wrong, but from what I understand, "Dolphin Encrypt" does not use any well-examined crypto system -- it's something that you guys, without any cryptography credentials, cooked up. On that basis, why should we care about it? Most crypto systems that amateurs come up with are pathetic to say the least, and strong systems, like triple-DES and IDEA, are widely available.
So far the DE method has not been well-examined, except by its developers (who have spent years on this).
In that case, I do not think it is worthy of trust. (See "The Codebreakers" by David Kahn for dozens upon dozens of stories of amateurs who spent long times producing cryptosystems that were essentially junk.)
I am not asking that you take it on trust. If I were I wouldn't be revealing the details of the encryption method and I wouldn't be subjecting the software to critical examination. You omit to point out that Kahn also discusses the cryptosystem invented in the late 18th Century by Thomas Jefferson. I'm not aware that Jefferson was a "professional" cryptologist or that he was "credentialed" in this field. Yet his cryptosystem was sufficiently strong that even after 1922 "other branches of the American government used the Jefferson system, generally slightly modified, and it often defeated the best efforts of the 20th-century cryptanalysts who tried to break it down! To this day the Navy uses it." (Kahn, p.195 of the hardbound edition.) This shows that your distinction between "professionals" (by implication, the experts) and "amateurs" (by implication, the self-deluding fools) is false. There is no such clear-cut distinction. Whether a cryptosystem is strong or not has to be decided by an examination of the system itself, not on the basis of whether its author has attended cryptology classes at M.I.T.
Statistical tests have not revealed any patterns in DE-encrypted ciphertext so far.
Or in 99% of other crypto systems. I can construct completely trivial and easily broken crypto systems that don't reveal any patterns without careful analysis. As an example, it takes mere minutes to break a cryptosystem constructed by XORing the plaintext stream with the output of a linear congruential pseudorandom number generator -- but the output will indeed look random to ordinary statistical tests.
XORing the plaintext with the outcome of a linear congruential PRNG is a very simple-minded way to use a PRNG. Such operations are certainly amenable to mathematical analysis. No doubt you've read your Abraham Sinkov on "Mathematical Cryptanalysis" and other such works, where the solving of simultaneous equations in several (perhaps many) unknowns may yield a solution in some cases. Yet I fail to understand why you assume that someone (even someone "uncredentialed") who uses PRNGs in a cryptosystem will necessarily do so in a simple-minded way. I can't imagine why any intelligent designer of a cryptosystem would commit that error.