I assume from this statement that you haven't looked at my code. Send me email and I'll give you a copy... or maybe someone that I gave it to could put it up on an FTP site, so you can get it anonymously.
Hey Matt, I'd be interested in a copy of your code!
Yes, the cipher is of my own design. First off, I can assure you that a brute-force keysearch will not work. The cipher employs three 36 element substitution arrays, which gives a total of 3x36! possible keys, or over 10^42. DES has about 7.2 x 10^16 possible keys and IDEA about 10^38.
Well, you do have to be careful: a large number of keys doesn't mean a cipher is hard to break, there may be a faster method than brute force. For instance, those cryptograms some papers print in the puzzle section are a simple substitution cipher, with 26! keys... yet they are also pretty much trivially breakable with enough input.
Karl Barrus <klbarrus@owlnet.rice.edu>
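Karl's point about newspaper cryptograms, as an added example that is not part of the original thread. It goes a little beyond the post by expressing key counts in bits and by showing that the letter-count profile and index of coincidence of a text survive every possible substitution key; the sample text and all function names are constructed for illustration.

```python
import math
import random
import string
from collections import Counter

# Constructed sample plaintext (not taken from the thread).
SAMPLE = ("the strength of a cipher is not measured by counting keys alone "
          "because statistical structure in the plaintext can survive "
          "encryption and give the analyst a shorter path than exhaustive search")

def keyspace_bits(n_keys):
    """Keyspace size in bits: log2 of the number of possible keys."""
    return math.log2(n_keys)

def substitute(text, key):
    """Monoalphabetic substitution; key is a permutation of a-z."""
    return text.translate(str.maketrans(string.ascii_lowercase, key))

def letter_counts(text):
    return Counter(c for c in text if c in string.ascii_lowercase)

def index_of_coincidence(text):
    """Probability that two letters drawn from the text are the same."""
    counts = letter_counts(text)
    n = sum(counts.values())
    return sum(v * (v - 1) for v in counts.values()) / (n * (n - 1))

def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter is which."""
    return sorted(letter_counts(text).values(), reverse=True)

def random_key(rng):
    letters = list(string.ascii_lowercase)
    rng.shuffle(letters)
    return "".join(letters)

if __name__ == "__main__":
    print(f"simple substitution (26!): {keyspace_bits(math.factorial(26)):.1f} bits")
    print(f"DES (2^56):                {keyspace_bits(2 ** 56):.1f} bits")
    print(f"3 x 36! (figure quoted):   {keyspace_bits(3 * math.factorial(36)):.1f} bits")
    rng = random.Random(2024)
    print(f"plaintext  IC={index_of_coincidence(SAMPLE):.4f}")
    for _ in range(3):
        # A fresh key each time: the statistics the analyst uses do not move.
        ct = substitute(SAMPLE, random_key(rng))
        print(f"ciphertext IC={index_of_coincidence(ct):.4f} "
              f"top counts={frequency_profile(ct)[:5]}")
```

The puzzle-page cipher has a larger keyspace than DES, yet every key leaves the same statistical fingerprint in the ciphertext, which is why counting keys only bounds brute force and says nothing about other attacks.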
Karl Barrus wrote:
Well, you do have to be careful: a large number of keys doesn't mean a cipher is hard to break, there may be a faster method than brute force. For instance, those cryptograms some papers print in the puzzle section are a simple substitution cipher, with 26! keys... yet they are also pretty much trivially breakable with enough input.
Quite true! However, as I pointed out, I tried very hard to eliminate all such possibilities that would allow simplifying the key search process. It's also very easy to modify the program to support a larger key and additional encryption rounds.
Matthew J Ghio says:
Karl Barrus wrote:
Well, you do have to be careful: a large number of keys doesn't mean a cipher is hard to break, there may be a faster method than brute force.
Quite true! However, as I pointed out, I tried very hard to eliminate all such possibilities that would allow simplifying the key search process.
Matt, pardon my saying this, but you sound rather foolish. Did you, for instance, deliberately make any attempt to prevent differential cryptanalysis? Linear cryptanalysis? Related key attacks? Can you define any of these? If the answer to any of these is "no" then you probably aren't in a position to try to design a cryptosystem.
Frankly, I understand all the attacks and I wouldn't trust anything of my own design -- maybe after letting Biham have a crack at it for a couple of months I'd feel that I hadn't done anything obviously wrong and after a year or two of seeing lots of people try to attack it and fail I'd consider using it -- if there weren't other systems around that I was more confident in. Given how easy it is to code up an IDEA or mixed IDEA/DES multiround beast, I see no real advantage to trying to build my own, and lots of disadvantages.
Perry
"Perry E. Metzger" <pmetzger@lehman.com> wrote:
Given how easy it is to code up an IDEA or mixed IDEA/DES multiround beast, I see no real advantage to trying to build my own, and lots of disadvantages.
The program was designed to accept improvements in the encryption transparently, so I did plan ahead. :) I can add encryption algorithms, and have the software accept addresses of both the old and new ciphers. I didn't happen to have any DES/IDEA code handy when I was programming it, so I just used what I had. Since several people have expressed concern about the encryption, I will add another encryption layer consisting of either DES or IDEA.
Participants (3): catalyst-remailer@netcom.com, Matthew J Ghio, Perry E. Metzger