At 3:58 PM -0500 10/14/97, semprini@theschool.com wrote:
This is in response to the several posts regarding the assumed weakness in the program I wrote:
While it is true that PRNGs are not very good, because of the inherent lattice structure, I believe I found a way around that problem. To work around the lattice problem, I used a system of cubic arrays. The program first creates sixteen cubic arrays, and fills them one space at a time with random characters. When the stream of characters to be XORed with the plaintext is generated, it picks a random cube and a random location with that cube. The resulting "random" character is then XORed with the appropriate character of the plaintext. If someone can prove to me that this method is stupid or easily breakable, I would actually be happy. So, those of you bent on proving that I'm wrong, I heartily encourage you to do so. As I mentioned before, you can download both the compiled version *and* the source at "http://www.brigadoon.com/~semprini/3dmx". If you are having trouble reaching that site, e-mail me and I will send you a copy via e-mail.
Good luck, but be aware that you won't get much free analysis. In general, algorithms that aren't published don't get looked at very carefully (mostly because there's no real upside in doing so--at least if the algorithm is published you can get a paper out of a break). You might have more luck if you posted the algorithm (not in source code, but in a mathematical description) along with a comprehensive analysis of its security against existing attacks. (There is a lot of published research on the analysis of stream ciphers, although the field is much less well-studied than block cipher analysis.) Good security arguments, proofs even, will make more people interested.

Cheers,
Bruce

**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN 55419      Fax: 612-823-1590
http://www.counterpane.com
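
Added example (not part of either message and not the 3dmx source): a toy model of the construction described in the quoted message, showing that when the cube fills and the cube/location picks all come from one seeded generator, the keystream is a function of the seed alone and a short run of known plaintext identifies it. The LCG constants, the single shared generator, the cube side of 4 and the 12-bit seed are assumptions chosen for illustration.

```python
# Toy model of the cube-indirection keystream (added example, not 3dmx code).
# Assumed: one 31-bit LCG drives everything, cube side 4, 12-bit seed.
M, A, C = 2**31, 1103515245, 12345   # common LCG constants (assumed)
CUBES, SIDE, SEED_BITS = 16, 4, 12

def lcg(seed):
    """Yield the top 8 bits of each successive LCG state."""
    state = seed
    while True:
        state = (A * state + C) % M
        yield state >> 23

def keystream(seed, n):
    rng = lcg(seed)
    # Fill sixteen cubes one cell at a time (each cube stored flat).
    cubes = [[next(rng) for _ in range(SIDE ** 3)] for _ in range(CUBES)]
    out = bytearray()
    for _ in range(n):
        cube = next(rng) % CUBES                        # pick a cube
        x, y, z = [next(rng) % SIDE for _ in range(3)]  # pick a location in it
        out.append(cubes[cube][(x * SIDE + y) * SIDE + z])
    return bytes(out)

def xor_crypt(seed, data):
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(seed, len(data))))

def recover_seed(ciphertext, known_prefix):
    """Try every seed until the keystream matches the known plaintext."""
    want = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    for seed in range(2 ** SEED_BITS):
        if keystream(seed, len(want)) == want:
            return seed
    return None

if __name__ == "__main__":
    secret_seed = 0x5A5                                 # constructed sample key
    message = b"Subject: test message, constructed for this example"
    ct = xor_crypt(secret_seed, message)
    found = recover_seed(ct, message[:16])              # 16 known plaintext bytes
    print(found == secret_seed, xor_crypt(found, ct))
```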