If however Dolphin Encrypt was extremely strong ...

Peter Davidson wet!naga
Sun Apr 17 05:15:37 PDT 1994



 
>Date: Sat, 16 Apr 94 21:26:24 -0700
>From: hughes at ah.com (Eric Hughes)
>Message-Id: <9404170426.AA28904 at ah.com>
>To: cypherpunks at toad.com
>In-Reply-To: Anonymous's message of Fri, 15 Apr 1994 12:53:16 -0400 <Added.shfgNum00UdZ0OvU4M at andrew.cmu.edu>
>Subject: Dolphin Encryption Tutorial
>Precedence: bulk
>Status: R
 
Eric Hughes quotes "Anonymous":
 
>>Are you somehow implying the Dolphin Encrypt withstands critical
>>examination?  Be real.
 
Real?  "Anonymous" here reveals that he has not been keeping up
with the literature.  DE was examined critically by Prof. Cipher
Deavours in the October 1993 issue of Cryptologia, who (after studying
the C source code for the encryption algorithm) wrote: "The diffusion
process employed in the ciphering of data is fairly complex for an
inexpensive system such as this one."
 
Eric then allows as how:
 
>Last time Dolphin Encrypt reared its insecure head in this forum,
>these same issues came up.  The cipher that DE uses is not public and
>was not designed by a person of known cryptographicc competence.  It
>should therefore be considered extremely weak.
 
However, in Peter Meyer's article we read:
 
>The
>encryption algorithm used in Dolphin Encrypt is defined by the C source
>code for the encryption and decryption functions, and this source code is
>part of a publicly available C function library (the Dolphin Encryption
>Library).  The method is not secret and its full details are available for
>examination to anyone who purchases the library.
 
Perhaps the DE cipher is not "public" in the sense that it is widely
available on unix sites, but it is "publicly available".  Perhaps the
source code is not posted on sites such as soda because the publisher
does not wish to expose himself to the the charge of making a strong
crypto system available for export.
 
Eric again quotes "Anonymous":
 
>>The comparison, fairly useless as it is, is even more useless without
>>this further information.
>
>Agreed.
 
For all we know Eric himself posted that "anonymous" message, so he could
quote him out of context.  As I recall, Anonymous seemed to have
(deliberately?) misunderstood the part about the statistical test (and
Eric agrees with him).
 
>I repeat my recommendation of before: Do not use Dolphin Encrypt if
>you want secrecy.  If you want something on the scale of a secret
>decoder ring, fine.
>
>Eric
 
By his own admission Eric is ignorant of the DE cipher and is ignorant
of the cryptographic competence of the author (or authors) of DE.  Yet,
rather than withholding judgment until more information is available,
he makes a strong negative recommendation (and adds an insult).  I
would imagine that, in the opinion of most people, recommendations
based upon ignorance such as this are worthless.
 
Eric seems to have a burr up his ass regarding either DE or its
author(s).  His misrepresentation (e.g. that the DE cipher is not
public) and lack of logic (e.g. we don't know that X is true therefore
X is false) suggest that there is an emotional basis to his
"recommendation".  Apparently as regards DE Eric is not capable of
anything except smear tactics.  The astute readers of this list are
not likely to be fooled by this.
 






More information about the cypherpunks-legacy mailing list