-----BEGIN PGP SIGNED MESSAGE----- Well on another mailing list I have been chastised for calling Misty "snake-oil". Has anyone actually examined this algorithm? Seems there is an IETF Draft on it (draft-ohta-misty1desc-00.txt). Any opinions on it?? My only exposure has be through the pidgon-english posts of Nobuki Nakatuji (if it looks like a duck, it smells like a duck, it quacks like a duck ....). - -- - --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html - --------------------------------------------------------------- Tag-O-Matic: I use OS/2 2.0 and I don't care who knows! -----BEGIN PGP SIGNATURE----- Version: 2.6.3a-sha1 Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNMbWgY9Co1n+aLhhAQFjoQQAgRac4gm3MM1mbZUfb0jH21b7gQt1IRYR wWFilIA2am/6x+bmF3RKG64A9/iwp00rD45g2yybw91Gg3/87nEMjPBpo+DCchtb psYRKyDOTxOAr7GljOa2k4HJAfNDqjxQ56sI/4whk2PEADnpHilzln98tEJobZA7 oxZw9FeGlig= =M0fT -----END PGP SIGNATURE-----
At 9:08 PM -0800 1/21/98, William H. Geiger III wrote:
Well on another mailing list I have been chastised for calling Misty "snake-oil".
Has anyone actually examined this algorithm? Seems there is an IETF Draft on it (draft-ohta-misty1desc-00.txt).
Any opinions on it?? My only exposure has be through the pidgon-english posts of Nobuki Nakatuji (if it looks like a duck, it smells like a duck, it quacks like a duck ....).
I wouldn't call Misty "snake oil." But it's also been thoroughly taken apart and shown to be weak. Importantly, it was submitted by Mitsubishi for peer review. "Snake oil" is a name I reserve for, well, snake oil. Some of the recent nonsense we've seen is more snake oilish than Misty was. Of course, there should be no real interest in Misty anymore, except as an example to study, so anyone trying to promote it might be accused of peddling snake oil. As for Nobuki-san's consistently strange posts, I'm now persuaded he may be a troller. Or just not very bright. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE-----
In
At 9:08 PM -0800 1/21/98, William H. Geiger III wrote:
Well on another mailing list I have been chastised for calling Misty "snake-oil".
Has anyone actually examined this algorithm? Seems there is an IETF Draft on it (draft-ohta-misty1desc-00.txt).
Any opinions on it?? My only exposure has be through the pidgon-english posts of Nobuki Nakatuji (if it looks like a duck, it smells like a duck, it quacks like a duck ....).
I wouldn't call Misty "snake oil." But it's also been thoroughly taken apart and shown to be weak. Importantly, it was submitted by Mitsubishi for peer review.
"Snake oil" is a name I reserve for, well, snake oil. Some of the recent nonsense we've seen is more snake oilish than Misty was.
Of course, there should be no real interest in Misty anymore, except as an example to study, so anyone trying to promote it might be accused of peddling snake oil.
Someone on the OpenPGP list was asking for an asignment for an algorithm id in the OpenPGP RFC for Misty1 (from Japan whoda thought <g>). I made my post about snake-oil and got chastised by hal@pgp.com as he seems to think it's a respectable algorithm:
Misty is described in the proceedings of the most recent annual conference on fast encryption algorithms. It is designed to be provably resistant to linear and differential cryptanalysis. As a new set of algorithms (a few variants exist under the "Misty" label), it is one of many where a "wait and see" attitude is appropriate to see how it holds up. As a patented algorithm, it may have trouble competing with alternatives that are free of restrictions.
However your charge that it is "snake-oil" seems unfounded. It appears to be a respectable academic development effort, within the mainstream of cryptographic research, and has some reasonable-looking theory behind it. As far as I know there has been no cryptanalysis or technical commentary of any sort regarding Misty on the cypherpunks mailing list.
As for Nobuki-san's consistently strange posts, I'm now persuaded he may be a troller. Or just not very bright.
I wonder if something isn't getting lost in the translation. He most definatly has not mastered the English language. I remember when I first was learning Hebrew and the number of faux pas I made. :) - -- - --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html - --------------------------------------------------------------- Tag-O-Matic: Bugs come in through open Windows. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a-sha1 Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNMbuII9Co1n+aLhhAQFskQP+KVSJgUQMi+3Q9vSovZRL3BLnUD08K/Vw pyilVZQUmdwW7lIlKTepFREFr1uthvRbupJp3uHyABnLICgYreuD+KrlJv4OxXy+ DFOkM7DhAiWH8KSFpGdYub9N0ClIKXsxQfWtPS6/5rl5xuHKs8/e1uH0Lfp0o9BP Plnq3Ze9XG4= =8yKO -----END PGP SIGNATURE-----
Carlisle Adams included it in his list of interesting cipherss in his talk at RSA. Lars Knudsen's Block Cipher Lounge does not list any known attacks. http://www.esat.kuleuven.ac.be/~knudsen/bc Matsui, its designer, is not stupid. He did the linear cryptanalysis of DES, which I think was the invention of linear cryptanalysis. Adam William H. Geiger III wrote: | Well on another mailing list I have been chastised for calling Misty | "snake-oil". | | Has anyone actually examined this algorithm? Seems there is an IETF Draft | on it (draft-ohta-misty1desc-00.txt). | | Any opinions on it?? My only exposure has be through the pidgon-english | posts of Nobuki Nakatuji (if it looks like a duck, it smells like a duck, | it quacks like a duck ....). -- "It is seldom that liberty of any kind is lost all at once." -Hume
Tim May wrote: | At 9:08 PM -0800 1/21/98, William H. Geiger III wrote: | >Any opinions on it?? My only exposure has be through the pidgon-english | >posts of Nobuki Nakatuji (if it looks like a duck, it smells like a duck, | >it quacks like a duck ....). | | I wouldn't call Misty "snake oil." But it's also been thoroughly taken | apart and shown to be weak. Importantly, it was submitted by Mitsubishi for | peer review. Could you provide a pointer to the analysis paper? Adam ObCypherpunk: I think that 9mm is far superior to .45 due to its lower recoil. -- "It is seldom that liberty of any kind is lost all at once." -Hume
At 7:54 AM -0800 1/22/98, Adam Shostack wrote:
Tim May wrote: | At 9:08 PM -0800 1/21/98, William H. Geiger III wrote:
| >Any opinions on it?? My only exposure has be through the pidgon-english | >posts of Nobuki Nakatuji (if it looks like a duck, it smells like a duck, | >it quacks like a duck ....). | | I wouldn't call Misty "snake oil." But it's also been thoroughly taken | apart and shown to be weak. Importantly, it was submitted by Mitsubishi for | peer review.
Could you provide a pointer to the analysis paper?
No, as I was thinking of FEAL when I wrote about MISTY. Sorry for any confusion. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Someone on the OpenPGP list was asking for an asignment for an algorithm id in the OpenPGP RFC for Misty1 (from Japan whoda thought <g>). I made my post about snake-oil and got chastised by hal@pgp.com as he seems to think it's a respectable algorithm:
Well, he said that he wasn't aware of any serious cryptanalysis, specifically on this list. In all honesty, that's a fully truthful statement. Tim May has conveniently confirmed that there *has* been some real cryptanalysis on it, confirming that it's not a good algorithm, but it's not snake-oil. (If it get's submitted for peer review, can you really call it that?) I'm going to wager that all Hal was saying is that he had seen no evidence to that effect, and that you had presentted none.
Misty is described in the proceedings of the most recent annual conference on fast encryption algorithms. It is designed to be provably resistant to linear and differential cryptanalysis. As a new set of algorithms (a few variants exist under the "Misty" label), it is one of many where a "wait and see" attitude is appropriate to see how it holds up. As a patented algorithm, it may have trouble competing with alternatives that are free of restrictions.
However your charge that it is "snake-oil" seems unfounded. It appears to be a respectable academic development effort, within the mainstream of cryptographic research, and has some reasonable-looking theory behind it. As far as I know there has been no cryptanalysis or technical commentary of any sort regarding Misty on the cypherpunks mailing list.
Ryan Anderson wrote: | > Someone on the OpenPGP list was asking for an asignment for an algorithm | > id in the OpenPGP RFC for Misty1 (from Japan whoda thought <g>). I made my | > post about snake-oil and got chastised by hal@pgp.com as he seems to think | > it's a respectable algorithm: | | Well, he said that he wasn't aware of any serious cryptanalysis, | specifically on this list. In all honesty, that's a fully truthful | statement. Tim May has conveniently confirmed that there *has* been some | real cryptanalysis on it, confirming that it's not a good algorithm, but | it's not snake-oil. (If it get's submitted for peer review, can you | really call it that?) Tim has admitted that he made a mistake. I'll offer $25 to the first person who sends me a URL or paper reference to something published by Jan 1, 1998 offering an interesting cryptanlysis of Misty, because I'm tired of seeing people pick on it because of Nobuki's poor English. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
At 7:00 AM -0800 1/23/98, Adam Shostack wrote:
Ryan Anderson wrote: | > Someone on the OpenPGP list was asking for an asignment for an algorithm | > id in the OpenPGP RFC for Misty1 (from Japan whoda thought <g>). I made my | > post about snake-oil and got chastised by hal@pgp.com as he seems to think | > it's a respectable algorithm: | | Well, he said that he wasn't aware of any serious cryptanalysis, | specifically on this list. In all honesty, that's a fully truthful | statement. Tim May has conveniently confirmed that there *has* been some | real cryptanalysis on it, confirming that it's not a good algorithm, but | it's not snake-oil. (If it get's submitted for peer review, can you | really call it that?)
Tim has admitted that he made a mistake. I'll offer $25 to the first person who sends me a URL or paper reference to something published by Jan 1, 1998 offering an interesting cryptanlysis of Misty, because I'm tired of seeing people pick on it because of Nobuki's poor English.
Yes, I was thinking of FEAL. And even FEAL was not "snake oil," in that the inventors of it were not trying to use deception to promote it. (I consider this to be part of what "snake oil" is.) My comments to Nobuki-san are lighthearted jokes about his "You send me money, I send you Misty" repeated nonsense. I doubt the guy is even actually Japanese, for various reasons. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 08:02 AM 1/23/98 -0800, Tim May wrote:
Yes, I was thinking of FEAL. And even FEAL was not "snake oil," in that the inventors of it were not trying to use deception to promote it. (I consider this to be part of what "snake oil" is.)
When FEAL was written, it wasn't snake oil. If anybody tries to use it today, it _is_ snake oil, because it and a number of variants on it are well known to be broken. (Too bad, because it was made to be small and light and run on wimpy processors, but there are now other small fast cyphers around.) Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
On Fri, 23 Jan 1998, Bill Stewart wrote:
At 08:02 AM 1/23/98 -0800, Tim May wrote:
Yes, I was thinking of FEAL. And even FEAL was not "snake oil," in that the inventors of it were not trying to use deception to promote it. (I consider this to be part of what "snake oil" is.)
When FEAL was written, it wasn't snake oil. If anybody tries to use it today, it _is_ snake oil, because it and a number of variants on it are well known to be broken.
Then maybe we should refer to FEAL as "Lemon Oil"? ]:> alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply Alan Olsen | to my mail, just hit the ctrl, alt and del keys.
participants (6)
-
Adam Shostack -
Alan -
Bill Stewart -
Ryan Anderson -
Tim May -
William H. Geiger III