anonymous mail

Perry E. Metzger pmetzger at lehman.com
Sun Feb 27 13:48:05 PST 1994



Matthew J Ghio says:
> Karl Barrus wrote:
> 
> > Well, you do have to be careful: a large number of keys doesn't
> > mean a cipher is hard to break, there may be a faster method
> > than brute force.

> Quite true!  However, as I pointed out, I tried very hard to eliminate
> all such possibilities that would allow simplifying the key search
> process.

Matt, pardon my saying this, but you sound rather foolish. Did you,
for instance, deliberately make any attempt to prevent differential
cryptanalysis? linear cryptanalysis? Related key attacks? Can you
define any of these? If the answer to any of these is "no" then you
probably aren't in a position to try to design a cryptosystem.
Frankly, I understand all the attacks and I wouldn't trust anything of
my own design -- maybe after letting Biham have a crack at it for a
couple of months I'd feel that I hadn't done anything obviously wrong
and after a year or two of seeing lots of people try to attack it and
fail I'd consider using it -- if there weren't other systems around
that I was more confident in.

Given how easy it is to code up an IDEA or mixed IDEA/DES multi-round
beast, I see no real advantage to trying to build my own, and lots of
disadvantages.

Perry
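The point argued in this exchange, that a huge key space says nothing about whether a cipher resists attacks faster than brute force, can be seen on a small scale with the first technique Perry names. The block below is an added illustration, not code from the thread or from either poster. The cipher in it is a toy assumed for the example: a 64-bit block handled as sixteen independent nibbles, each passed through a 4-bit S-box between two independent 64-bit key XORs (the PRESENT S-box is borrowed only as a well-known 4-bit S-box). Its key space is 2**128, yet a chosen-plaintext differential attack recovers the key with 16 oracle queries and a few hundred subkey trials, because the second key XOR cancels out of every output difference and the difference distribution table pins down the first.

```python
"""Differential cryptanalysis of a toy cipher with a 2**128 key space.

Added example, not from the original mailing-list thread.  The cipher is
an assumption made for illustration:  c_i = S(p_i ^ k0_i) ^ k1_i  on each
of the 16 nibbles of a 64-bit block, with K0 and K1 independent 64-bit keys.
"""
from itertools import product

# The PRESENT S-box, used here only as a standard, well-studied 4-bit S-box.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NIBBLES = 16


def nibbles(x):
    """Split a 64-bit integer into 16 nibbles, least significant first."""
    return [(x >> (4 * i)) & 0xF for i in range(NIBBLES)]


def from_nibbles(ns):
    """Inverse of nibbles()."""
    return sum(n << (4 * i) for i, n in enumerate(ns))


def encrypt(p, k0, k1):
    """Toy cipher: one S-box layer sandwiched between two 64-bit key XORs."""
    return from_nibbles([SBOX[pi ^ a] ^ b
                         for pi, a, b in zip(nibbles(p), nibbles(k0), nibbles(k1))])


def ddt():
    """Difference distribution table: table[din][dout] counts the inputs x
    for which S(x) ^ S(x ^ din) == dout.  Rows sum to 16; a large entry
    means the S-box propagates that difference with high probability."""
    table = [[0] * 16 for _ in range(16)]
    for din, x in product(range(16), repeat=2):
        table[din][SBOX[x] ^ SBOX[x ^ din]] += 1
    return table


def inputs_for(din, dout):
    """All S-box inputs x that turn input difference din into output difference dout."""
    return [x for x in range(16) if SBOX[x] ^ SBOX[x ^ din] == dout]


def recover_key(oracle):
    """Chosen-plaintext differential attack using only an encryption oracle.

    Returns (k0, k1, oracle_queries, subkey_trials).  Brute force would
    need up to 2**128 trials; this needs 16 queries and at most 256 trials.
    """
    # 16 chosen plaintexts, value v repeated in every nibble, so a single
    # query exercises all 16 S-box positions on input v at once.
    known = {v: nibbles(oracle(from_nibbles([v] * NIBBLES))) for v in range(16)}
    diffs = (0x1, 0x2, 0x4, 0x8)
    k0, k1, trials = [], [], 0
    for i in range(NIBBLES):
        # Differential step.  For the pair (v, v ^ din) the ciphertext
        # difference is S(v ^ k0_i) ^ S(v ^ din ^ k0_i): k1_i cancels, and
        # inputs_for() lists the x = v ^ k0_i able to produce it, so every
        # pair shrinks the candidate set for k0_i.  Mixing several din values
        # avoids the {x, x ^ din} symmetry of a single difference.
        cands = set(range(16))
        for v, din in product(range(16), diffs):
            dout = known[v][i] ^ known[v ^ din][i]
            cands &= {x ^ v for x in inputs_for(din, dout)}
        # Verification step.  With k0_i fixed, k1_i follows from one known
        # plaintext; keep the first pair consistent with all 16 inputs.
        for a in sorted(cands):
            b = known[0][i] ^ SBOX[0 ^ a]
            trials += 1
            if all(SBOX[v ^ a] ^ b == known[v][i] for v in range(16)):
                k0.append(a)
                k1.append(b)
                break
        else:
            raise RuntimeError("no consistent subkey for nibble %d" % i)
    return from_nibbles(k0), from_nibbles(k1), 16, trials


if __name__ == "__main__":
    import secrets
    true_k0, true_k1 = secrets.randbits(64), secrets.randbits(64)
    r0, r1, queries, trials = recover_key(lambda p: encrypt(p, true_k0, true_k1))
    probe = secrets.randbits(64)
    print("max DDT entry:", max(max(row) for row in ddt()[1:]))
    print("recovered key works:", encrypt(probe, r0, r1) == encrypt(probe, true_k0, true_k1))
    print("oracle queries:", queries, "subkey trials:", trials, "vs 2**128 brute force")
```

The attack never guesses the 128-bit key as a whole: the two key layers are separated by the difference trick, and the per-nibble structure lets each position be solved on its own. That is exactly the kind of "faster method than brute force" a key-count argument cannot rule out, and exactly what a designer has to show is absent before the key size means anything.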
