home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: sci.crypt
- Path: sparky!uunet!charon.amdahl.com!pacbell.com!decwrl!spool.mu.edu!yale.edu!yale!gumby!destroyer!caen!malgudi.oar.net!news.ans.net!newsgate.watson.ibm.com!yktnews!admin!wo0z!lwloen
- From: lwloen@rchland.vnet.ibm.com (Larry Loen)
- Subject: Re: New Encryption Method - a Challenge!
- Sender: news@rchland.ibm.com
- Message-ID: <1992Nov10.233844.9771@rchland.ibm.com>
- Date: Tue, 10 Nov 1992 23:38:44 GMT
- Reply-To: lwloen@vnet.ibm.com
- Disclaimer: This posting represents the poster's views, not necessarily those of IBM
- Nntp-Posting-Host: wo0z.rchland.ibm.com
- Organization: IBM Rochester
- Lines: 67
-
- In article <n0e07t@ofa123.fidonet.org> Erik Lindano writes:
-
-
- >I don't want to get myself involved in the technical aspects of
- >cryptology (-graphy?). I was simply in the process of trying to
- >judge something that had been presented to me, and I wanted to
- >find out whether any of the people who often write authoritative
- >articles here about encryption, etc., are really able to actually
- >crack a certain encryption product or whether they're just good
- >at writing theoretical posts, that's all.
-
- If only you knew what you were asking for!
-
- Cryptanalysis is often successful, but the work to perform it is
- often not trivial, even for systems considered worthless.
- You could be asking for dozens to thousands of hours of work
- under the conditions you cite. Yet, in spite of this
- impressive-sounding total, if we succeed in such a short time
- under the conditions you are giving out, we could then say
- that such a system is totally worthless for virtually
- any purpose and definitely valueless commercially.
-
- Successful designers know this and design to a stricter standard
- you and your friend have not learned. We therefore are entitled
- to be strongly suspicious that your system is weak and not worth
- a thousand hours of our time just to prove it to your satisfaction.
- If we are wrong, we are wrong. But, a thousand hours is a thousand
- hours and before we spend it, we think we are entitled to do it
- under terms we find fairer.
-
- Moreover, in any real-world situation of any importance whatever,
- the algorithm WILL be known. And, once published, it can cut down
- the amount of work from weeks to minutes! Since we'd be providing
- a free service, shouldn't you show a little mercy? What we are
- asking for is well within historical bounds. In fact, if the
- system is any good at all, we can even ask for much more than
- the details of the algorithm. It's in my FAQ. There is a lot
- about cryptography that is kind of counter-intuitive. You need
- to get "schooled" in it.
-
- Also, it is sometimes possible to invent an algorithm that
- encrypts but does not decrypt unambiguously. In such a situation,
- cryptanalysis is futile, because it isn't a "real" crypto-system
- to begin with!
-
- It's a mistake I've seen made, and it is often very difficult to
- discern or prove from just the cipher text. We could spend months
- getting nowhere and then find, after your friend finally relents
- and publishes the algorithm, that it is a non-system.
-
- It could even be a very good system . . . that was invented fifty
- years ago or is a trivial variation of one invented fifty years
- ago. We can probably TELL you that from a description of the
- algorithm instead of taking hundreds of hours, perhaps giving up,
- and leaving you in ignorance as to the algorithm's true value.
-
- There is a right way and a wrong way to make the challenge. Since
- you and your friend have so far not bothered to learn the subject,
- would you at least take our word for what constitutes a fair
- challenge? It's more or less in my FAQ. If your friend will not
- read it, could I ask you to do so? You seem a fair-minded person;
- only a little knowledge would allow you to ask for what you wish
- much more sensibly. You gotta learn the ground rules.
-
- --
- Larry W. Loen | My Opinions are decidedly my own, so please
- | do not attribute them to my employer
-