Mike McNally writes:

...

...

I know it doesn't exercise key technology and relies on the secrecy of the algorithm (which from my very limited knowledge on cryptography I think makes it almost doomed from the start (?))...

The way I like to think of such a scheme is to consider the secret algorithm itself to be the key, ....

This seems to me to be a perfectly valid point of view. One absolute requirement of any decent cryptosystem is that weak keys be vanishingly rare. This can be done if almost all keys are strong or if a simple procedure can be found to identify and eliminate weak keys. Another absolute requirement is the ability to change keys. It is also useful to be able to negotiate keys using procedures like Diffie-Helman key exchange. Your suggested viewpoint shows very clearly why systems that depend on secret algorithm are often quite bad. If you have the resources to adequately evaluate an algorithm yourself, (like the NSA does) you might gain some security by keeping your algorithm secret. Even then, you would want a system that allowed you to change effectively. My personal guess is that an algorithm that can generate novel, secure ciphers is beyond the power of any human agency, and will be for a long time. Incidentally, since the "original poster's friend" knows the algorithm, and every person that ever uses this cipher will have a copy of it, why should I trust this cipher? None of the other users know me, so they should never let me hack^h^hve a copy. So, even if they have found a secure system, (which experience says is very doubtful) I couldn't possibly have any interest in it. Rick F. Hoselton (who doesn't claim to present opinions for others)