A Challenge (perhaps!)

Bill Stewart stewarts at ix.netcom.com
Thu Feb 22 22:57:02 PST 1996


At 12:39 PM 2/21/96 GMT, karlmarx at illumini.demon.co.uk wrote:

>My friend has just written a new crypto program that he is trying to get
>included on a PC Magazine CD-ROM over here... 
>I don't know too much about it at the moment, but he said he thought it
>would be a good idea to see if anyone on this list could crack it and thus
>help to make it more secure. I don't know too much about it ATM...

Great - we'd be happy to see it here.  Bad code is still code :-)
If it's good crypto, or even bad crypto with a good user interface,
it may be useful to people.  If it's bad crypto, we may be able to
educate your friend on plugging in good algorithms or at least discourage
having bad crypto made available to people who might be hurt by trusting it.


>I know it doesn't exercise key technology and relies on the secrecy of the
>algorithm (which from my very limited knowledge on cryptography I think makes
>it almost doomed from the start (?))

If you're going to distribute even executables, people can figure out
the algorithm you're using; keeping keys secret is tough enough...
Also, if you've got an algorithm that's strong enough to be useful,
you can do mathematical analysis of how long it takes to break,
and get an idea of how secure your data will be.

>The application is written in Visual Basic and I could probably get a copy
>of the compiled (well VB is actually interpreted, but that's neither here or
>there) .EXE file....

VB is readable, more or less, and I suspect if there's anything useful
from your friend's code, it'll be the user interface (because even someone
who can't do the math to do decent cryptography may still have some
taste about what user interfaces are friendly.)  From a tool-builder's
perspective, it's better to have tools that can be used as components
of larger systems than tools that _require_ a GUI interface or a
clumsy command-line interface, but that won't stop us from stealing a good
GUI :-)
and throwing away the bogus crypto.  Besides, PGP's user interface is
far clumsier than a command-line interface needs to be.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com / billstewart at attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !







More information about the cypherpunks-legacy mailing list