I saw an interesting post in sci.crypt last week about a particular cypher. I think it ws called "The Penknife Cypher" or something along those lines. I guess I have been so PGP oriented that i've sort of stuck my head in the sand and ignored other possibilities regarding encryption. ARE there any other good cypher's out there, suitable for e-mail usage? And more importantly, are they readily available, likely through ftp from some European source. I guess it doesn't matter how popular they are, but how secure they are. I'd be interested in a strong one for usage between a couple of friends and myself. The keys could be spread via PGP and then I suppose we could start using the cypher. Any ideas? Or is my best bet to pickup Schneir's Applied Cryptography and use an algorithim from that? -------------------------------------------------------------------------- To find out more about the anon service, send mail to help@vox.hacktic.nl Please report any problems, inappropriate use etc. to admin@vox.hacktic.nl Direct replies to the sender of this message are -not- anonymised <YuK>
an118@vox.hacktic.nl says:
I saw an interesting post in sci.crypt last week about a particular cypher. I think it ws called "The Penknife Cypher" or something along those lines. I guess I have been so PGP oriented that i've sort of stuck my head in the sand and ignored other possibilities regarding encryption.
ARE there any other good cypher's out there, suitable for e-mail usage?
The only really reasonable symmetric key ciphers out there in publically described form these days are DES, 3-DES and IDEA. There are a couple of things that may be okay, but which aren't out in the public literature (RC2 and RC4), a couple of things that are likely okay but which we are REALLY not going to find anything out about for a while (Skipjack :-) and a couple of things that are promising (like Coppersmith's new SEAL stream cipher, which looks quite interesting indeed.) Periodically, on sci.crypt and on this list, flakey people post their latest bathtub cipher. Most of these are extremely poor. Sometimes people post long dissertations on their new cipher, which last for tens of pages full of what the authors imagine to be extremely scholarly commentary. Sometimes these people get very angry that no one is responding to their comments. Don't use these ciphers. There are also people out there who are "talented amateurs" or "experimenting professonals" who post experimental ciphers that they've come up with that they know probably aren't that great but which they discuss in public. These shouldn't be used, either, but they are more interesting to look at. Constructing a cipher which is actually safe for real use is a VERY difficult thing. Most amateurs don't even know why their attempts are silly looking. Don't assume that because something is posted to the net that its safe to use. Perry
an118@vox.hacktic.nl says:
I saw an interesting post in sci.crypt last week about a particular cypher. I think it ws called "The Penknife Cypher" or something along those lines. I guess I have been so PGP oriented that i've sort of stuck my head in the sand and ignored other possibilities regarding encryption.
ARE there any other good cypher's out there, suitable for e-mail usage?
The only really reasonable symmetric key ciphers out there in publically described form these days are DES, 3-DES and IDEA. There are a couple of things that may be okay, but which aren't out in the public literature (RC2 and RC4), a couple of things that are likely okay but which we are REALLY not going to find anything out about for a while (Skipjack :-) and a couple of things that are promising (like Coppersmith's new SEAL stream cipher, which looks quite interesting indeed.)
What about MDC and Luby-Rackoff (spelling?). I mean sure, they haven't been subjected to much scrutiny, but they appear to be as strong as their underlying one-way hashes. I think that their blazing speed merits giving them serious consideration. Besides, weren't people calling IDEA pretty secure when it had been subjected to as much analysis as LR and MDC have been subjected to thus far? JWS
an118@vox.hacktic.nl says:
I saw an interesting post in sci.crypt last week about a particular cypher. I think it ws called "The Penknife Cypher" or something along those lines. I guess I have been so PGP oriented that i've sort of stuck my head in the sand and ignored other possibilities regarding encryption.
ARE there any other good cypher's out there, suitable for e-mail usage?
The only really reasonable symmetric key ciphers out there in publically described form these days are DES, 3-DES and IDEA. There are a couple of things that may be okay, but which aren't out in the public literature (RC2 and RC4), a couple of things that are likely okay but which we are REALLY not going to find anything out about for a while (Skipjack :-) and a couple of things that are promising (like Coppersmith's new SEAL stream cipher, which looks quite interesting indeed.)
I wonder on which evidence you base your assumptions ?? (I would assume schneiers book) While I agree with the above ciphers, I would also add Loki and Redoc-II both achieved good results (much better than DES) in regards to differential cryptanalysis. Also Loki has also performed well against Linear cryptanalysis - Matsui. (Biham & Shamir - Differential Cryptanalysis of the Data Encryption Standard) [ deleted info about trusting amateur ciphers ] While Schneier's book is a very good guide, it is not very advisable to make assumptions on the security of algorithms based on his book. One should look at results from those performing cryptanalysis of such ciphers. Such as biham and matsui.
Perry
-- +---------------------+--------------------------------------------------+ | ____ ___ | Justin Lister ruf@cs.uow.edu.au | | | \\ /\ __\ | Center for Computer Security Research | | | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-330 | | | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 | | |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... | | | LiNuX - the only justification for using iNTeL | +---------------------+--------------------------------------------------+
Justin Lister says:
The only really reasonable symmetric key ciphers out there in publically described form these days are DES, 3-DES and IDEA. There are a couple of things that may be okay, but which aren't out in the public literature (RC2 and RC4), a couple of things that are likely okay but which we are REALLY not going to find anything out about for a while (Skipjack :-) and a couple of things that are promising (like Coppersmith's new SEAL stream cipher, which looks quite interesting indeed.)
I wonder on which evidence you base your assumptions ?? (I would assume schneiers book)
More the papers in the public literature, actually.
While Schneier's book is a very good guide, it is not very advisable to make assumptions on the security of algorithms based on his book. One should look at results from those performing cryptanalysis of such ciphers. Such as biham and matsui.
I fully agree. I was reading in this field a long time before Bruce even began writing. Perry
participants (4)
-
an118@vox.hacktic.nl -
Justin Lister -
Perry E. Metzger -
solman@MIT.EDU