At 03:55 PM 2/29/96 -0800, Timothy C. May wrote:
There are several places to look:
Thanks for the sources. More money is going to get dumped into cryptobooks soon. (I am amazed how little exists on the web on the topic.) I had seen a few of the books at a local bookstore, but I was uncertain of their quality. (They also had a number of snake-oil crypto books.)
However, these books are based on work done in WWII and the following decade(s), so the stuff is pretty dated. Still, nearly any "snake oil crypto" system, such as it sounds like your friend is building, will likely be far weaker than the ciphers the NSA was attacking back in the early days.
The author has failed to call me back. I do have some serious concerns about the code. (There is not a single XOR used, except to clear registers!) I am starting to suspect that it is based on a mathematical progression based on the numbers 40, 28, 36. I need to spend a bit of time on the code with a debugger to find out just where that segment of code is located. (Should not take too long... Just have to make the time.)
* The journal "Cryptologia" is largely devoted to amateur cryptanalysis.
The web info for back issues listed a web page from a publisher that had no listing for them on the server. I will be sending mail to get more info...
The Cyphernomicon has a couple of paragraphs, but nothing on techniques or pointers to other references. RSA's FAQ has little to nothing as well. A web search turned up little useful. Most of the other references I have found have been for current cyphers, but next to nothing about breaking them.
There are very good reasons to say little about "conventional cryptanalysis": it just doesn't matter much with modern ciphers, such as public key systems. Modern ciphers don't fall to conventional attacks based on word frequency, pattern analysis, etc.
Still an interesting topic...
Your friend is on a hopeless task. If he doesn't understand just how hopeless it is to develop a homegrown, conventional cipher then he's certainly not likely to take the time to become a skilled amateur cryptanalyst.
I am trying to convince him of the futility of the task. (It is hard as his ego keeps getting in the way.) I just want to give him reasons why it is weak and not just glittering generalities. Thanks again for the book references! --- Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction `finger -l alano@teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "I, Caligula Clinton... In the name of the Senate and the people of Rome!" - Bill Clinton signing the CDA with the First Amendment bent over.