Cryptography-Digest Digest #268, Volume #10      Sun, 19 Sep 99 08:13:03 EDT

Contents:
  Re: Ritter's paper (Sundial Services)
  Re: Ritter's paper (Sundial Services)
  Re: Okay "experts," how do you do it? (David A Molnar)
  Re: Okay "experts," how do you do it? (David A Molnar)
  Re: Okay "experts," how do you do it? (Sundial Services)
  Re: Okay "experts," how do you do it? (Sundial Services)
  Re: Ritter's paper (Sundial Services)
  Re: FPGAs ("Kasper Pedersen")
  Re: Okay "experts," how do you do it?
  Re: Ritter's paper
  Cryptography FAQ (01/10: Overview) ([EMAIL PROTECTED])
  Cryptography FAQ (02/10: Net Etiquette) ([EMAIL PROTECTED])

----------------------------------------------------------------------------

Date: Sat, 18 Sep 1999 22:22:55 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Ritter's paper

You know, Mr. Ritter, I think it really is worth saying in public that
you furnish an extremely innovative web-site to the crypto-interested
community, and that you have -- and yes, have patented -- some extremely
refreshing and original ideas.  In fact, you seem to be about the only
person "here" whose ideas "think outside the box" of XOR and shifting.

I happen to be of the opinion that whether or not you have a patent on
something is immaterial to the state of the art.  It's either a good
idea, or it's not.  :->

Keep it up.

------------------------------

Date: Sat, 18 Sep 1999 22:29:32 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Ritter's paper

Terry Ritter wrote:
>
> >Well, you seem to have just said that old cryptography is bad
> >cryptography.
> 
> Certainly the old ideas about cryptography are bad cryptography.
> 
> Cryptanalysis is not how we know cipher strength; we have no such
> tool.  In fact, cryptanalysis is how we know cipher weakness (and then
> only an upper bound -- the "real" strength may be far less) for
> ciphers we will not then use.  For the untouched ciphers we *will*
> use, cryptanalysis has not testified *at* *all* about strength.
> 
> >Bruce correctly stated the risks of using untried cipher designs. They
> >have a significant likelihood of flaws that are relatively easy to find.
> 
> Schneier clearly supports the AES approach to the selection of a
> single cipher.  That cipher immediately becomes a universal target.
> This approach is fundamentally wrong.


As a pure aside to all this conversation...  NONE of us are really "at
odds" with one another... not Mr. Ritter, not Mr. Schneier...  It's
academic debate.  It's purely aimed at advancing the non-classified
knowledge and state of the art.  Personalities have nothing to do with
it.  Zippo.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: 19 Sep 1999 05:07:21 GMT

[EMAIL PROTECTED] wrote:
> David A Molnar ([EMAIL PROTECTED]) wrote:
> : Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
> : > Sure it is.  "Very tough" does not describe the Halting Problem, Godel's
> : > Theorem, or incrementing from one to 2^googol.  Those problems cannot be
> : > "solved", and we can prove it.

> : The output of incrementing from one to 2^googol is finite and unique,
> : therefore the problem is solvable. I know at least one person who really
> : does think this way. 

> You don't count many mathematicians among your friends, do you?

Are you referring to [EMAIL PROTECTED] or to my response?

-David

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: 19 Sep 1999 05:24:29 GMT

jerome <[EMAIL PROTECTED]> wrote:

> obviously maybe you are well known because you are good and the referee
> may not be influenced by the reputation... hard to say.

Aren't papers supposed to be refereed without knowledge of the authors'
names?

-David


------------------------------

Date: Sat, 18 Sep 1999 22:19:25 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Okay "experts," how do you do it?

[EMAIL PROTECTED] wrote:

> There is a difference between learning *facts* and learning *skills*. To
> look at the description of a cipher, and see where it might be weak, is a
> task that is assisted by being familiar with a lot of ciphers and the
> kinds of attacks that were useful against them.
> 
> But one also has to be able to see how an attack can be transformed to
> apply to a different kind of cipher than the one it was originally used
> with. One has to be able to see how a general principle can be applied to
> extend an attack. One has to be able to invent new attacks.

Fighting this notion of human supremacy as long as I can, :-), and for
the sake of argument :-) :-), I submit again the contrarian question...
exactly WHAT is it that we are learning?

Is it simply an issue that we don't have an effective way to represent
the cipher in a way that the computer can be made to test it?  I
question this, because nearly all ciphers these days are computer
functions.  The computer does the encipherment; why can't the computer
readily test the quality of the encipherment?  If humans alone can do
this testing then... "why? why? why??"


> They do accomplish their part of the work very quickly and conveniently.
> And I suspect that even now it is possible to design symmetric-key ciphers
> which offer no hope of solution. But as long as ciphers _can_ be broken,
> human ingenuity, and human ingenuity of a high order, will be required for
> the process.
> 
> It is not accidental that the British effort to crack the Enigma included
> some of Britain's foremost mathematicians, such as Alan Turing and I. J.
> Good, or the well-known chess player Conel Hugh O'Donel Alexander.

Yet these people were able to write extensively about what they tested
for, even though they lacked the means to do the work mechanically in
the fashion that we have today.  (Mind you, they exploited mechanics to
the ultimate extent of the technology of the time!  And the Post Office
obligingly paid all the bills.)  

Suppose -they- had the computers we have today!  Suppose -they- had
access to a "C" function corresponding to Enigma.  How would -they-
ascertain its possibilities, determine theoretically its strengths... 
How would they marshal the infinitely expanded possibilities of the
modern computer to possibly learn, in seconds, what they were forced to
spend years on?

Are we truly obliged to say that, in spite of all that Intel and
Motorola have done for us, we are still obliged to rely upon human
"experts" and flashes of "I don't know exactly what" to conclude that a
cipher is or is not safe?  How on earth :-> can we say that... when we
are talking about computer algorithms to begin with?

:-)

<I think it's an interesting contrarian thought I'm pursuing here, and I
pursue it quite seriously just to see where it might lead.  C'mon,
gentlebeings, play along.>  ;-)

------------------------------

Date: Sat, 18 Sep 1999 22:12:43 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Okay "experts," how do you do it?

[EMAIL PROTECTED] wrote:
> 
> Sundial Services ([EMAIL PROTECTED]) wrote:
> : To try to steer this discussion gently back on course, let me say that
> : for example it seems to me [an untutored individual] that one could
> : create some kind of a test-bed into which the cipher algorithm could be
> : installed and fed a bunch of known data.  One could then statistically
> : analyze the outputs obtained to predict the quality of the cipher.
> 
> No, one can't do that. One can test the quality of a random-number
> generator that way, if it is going to be used for a Monte Carlo method
> calculation, because the characteristics it must have to be satisfactory
> for that are well-defined.
> 
> Strength in a cipher system is an open-ended quality; a cipher can be
> strong against a long list of documented attacks, yet be very weak if one
> of these attacks is applied to it with a small variation - one that only
> an _intelligent human being_ can recognize. Not a simple computer program.


You may presume, Dr. Savard, that I respect your opinion very much. 
But... do you really think so?  Do you really think that ALL
possibilities for doing otherwise have really been exhausted, that we
have no hope but to forever rely upon human "expertise" that cannot ever
be replaced by automation?  It seems so strange to me that we have
finally found some place where computers cannot possibly help us.

I think it would be a fascinating research-topic to see to what extent
we could possibly replace the human cryptologist.  And in what way.
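
Worked example (added here; it is not code from the original posts, nor
from Dr. Savard or Sundial Services): a small statistical test-bed of the
kind proposed above, run against a hypothetical toy stream cipher whose
keystream is SHA-256(key || counter) with no nonce.  The test-bed reports
a bit balance and a key-avalanche figure that both look ideal, yet a
known-plaintext attack, which the test-bed does not model, recovers the
keystream from one known message and decrypts a second one under the
same key.  The key, messages and the toy construction are all constructed
for this illustration.

```python
import hashlib
from typing import Dict

# Constructed demo key (not from the original posts).
DEMO_KEY = b"demo-key-not-from-the-post"


def keystream(key: bytes, length: int) -> bytes:
    """Hypothetical toy stream cipher keystream: SHA-256(key || 64-bit
    counter) blocks, concatenated.  Deliberately has NO nonce/IV, so the
    same key always yields the same keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream (decryption is the same)."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt  # XOR is its own inverse


def bit_balance(data: bytes) -> float:
    """Fraction of 1 bits; an ideal random string gives about 0.5."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def key_avalanche(key: bytes, plaintext: bytes, trials: int = 64) -> float:
    """Average fraction of ciphertext bits that change when one key bit is
    flipped; about 0.5 is what a 'good' cipher is expected to show."""
    base = encrypt(key, plaintext)
    nbits = 8 * len(plaintext)
    total = 0.0
    for i in range(trials):
        flipped = bytearray(key)
        flipped[(i // 8) % len(key)] ^= 1 << (i % 8)
        other = encrypt(bytes(flipped), plaintext)
        total += sum(bin(a ^ b).count("1") for a, b in zip(base, other)) / nbits
    return total / trials


def statistical_testbed(key: bytes) -> Dict[str, float]:
    """The test-bed of the quoted post: feed known data, measure the output.
    An all-zero plaintext makes the ciphertext equal to the raw keystream."""
    plaintext = bytes(4096)
    ciphertext = encrypt(key, plaintext)
    return {
        "bit_balance": bit_balance(ciphertext),
        "key_avalanche": key_avalanche(key, plaintext[:256]),
    }


def known_plaintext_attack(p1: bytes, c1: bytes, c2: bytes) -> bytes:
    """Recover the keystream from one known (plaintext, ciphertext) pair and
    use it to decrypt a second ciphertext made under the same key.  c2 must
    be no longer than the known pair."""
    ks = bytes(p ^ c for p, c in zip(p1, c1))
    n = min(len(ks), len(c2))
    return bytes(c ^ k for c, k in zip(c2[:n], ks[:n]))


def demo() -> bool:
    """True when the statistics look fine AND the attack still succeeds."""
    stats = statistical_testbed(DEMO_KEY)
    looks_random = all(0.45 < v < 0.55 for v in stats.values())
    # Constructed messages: p1 is 'known' (e.g. a fixed header), p2 is secret.
    p1 = b"Constructed known message, e.g. a standard header line. "
    p2 = b"Constructed secret message, shorter than p1."
    c1, c2 = encrypt(DEMO_KEY, p1), encrypt(DEMO_KEY, p2)
    recovered = known_plaintext_attack(p1, c1, c2)
    return looks_random and recovered == p2


if __name__ == "__main__":
    print(statistical_testbed(DEMO_KEY))
    print("statistics pass but known-plaintext attack succeeds:", demo())
```

The harness measures exactly the properties that a randomness test-bed
can measure, and this cipher satisfies them; what breaks it is an
assumption about how it is used (keystream reuse) that no output
statistic exposes.  The same test-bed would report identical figures for
a sound cipher and for this one.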

------------------------------

Date: Sat, 18 Sep 1999 22:25:03 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Ritter's paper

Terry Ritter wrote:
>
> >It may be so, Mr. Ritter, but personally I felt that the article was a
> >bit too self-defensive about the issue of a cipher being patentable or
> >not, and patented or not.
> 
> If you would count sentences which did not refer to patenting, as
> opposed to those which did, you might have a different slant on what
> "self-defensive" means.
> 
> The problem is that academics refuse to address patented cryptographic
> technology, for the various reasons Schneier discusses.  But whatever
> those reasons are, they prevent academics from becoming expert on that
> new technology, and we all lose.

We are in complete agreement on this statement.  I have made the same
observation privately myself.  "The cipher is the thing.  The only
thing."  If an individual is prescient enough to acquire a patent on a
really good idea -- and IF AND ONLY IF the idea really IS a good one --
then "goody for him, for about seven years."

The cipher's the thing.  The only thing.  Is it safe, or not?  Does it
advance the [non-classified] art, or not?  Why or why not?  

etc...

------------------------------

From: "Kasper Pedersen" <[EMAIL PROTECTED]>
Subject: Re: FPGAs
Date: Sat, 18 Sep 1999 22:16:49 +0200


Arthur Dardia <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I've recently acquired 5 Xilinx FPGAs.  The numbers on the chip look like
> this:
>
> XC4005E
> PC84CKJ9637
> A64196A
> 3C
> Anyone know how fast these things are?  What if I ran them in parallel?
> Can

Done right they should clock at least 25MHz, probably more. There are 196
CLBs. Each CLB has 2 flipflops and 2 4:1 decoders, and in addition there are
a lot of RAM bits (around 6000).

> anyone point me to any resources on how to program these?  They were given
> to me by a friend who used to work at National Semiconductor.  I have 2-3
> test boards

Good friend. The Xilinx Foundation Series software might work, if you are
able to acquire it.
What you need is either schematic entry, or a good VHDL compiler.

> Where could I obtain sockets for these chips, and how do I make the PCBs
> for the cards?  Any information what-so-ever would be a great help.

The sockets are called PLCC84's, and you want the kind for thru-hole
mounting. Ask any major parts supplier.
Don't manufacture PCBs, use experimental boards instead (single-pad). There
are only about 5 wires for programming, and you may need an additional 5 for
clock data and power.

Exploit that they are FPGAs: insert the cipher/plaintext into the design
and recompile it.  Measure the number of clocks before one of the FPGAs
halts, and you have narrowed it down far enough that the controlling PC
will find it in minutes after the FPGA.

/Kasper
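
Worked example (added here; not code from the original post or from
Kasper Pedersen or Arthur Dardia): a software model of the search
arrangement just described.  Each of several engines owns one slice of
the key space and tries one key per clock, but, as hardware filters
usually do, compares only the first few ciphertext bytes; when an engine
halts, the controlling host turns (engine, clock count) back into a
candidate key, does the full comparison itself, and restarts the engine
one key further on if the hit was a false positive.  The key size, the
engine count, the two-byte filter and the keyed-hash stand-in for the
cipher are all hypothetical choices made so the example runs in seconds.

```python
import hashlib
from typing import Dict, Optional, Tuple

KEY_BITS = 18       # hypothetical toy key size, so the whole search takes seconds
NUM_ENGINES = 4     # stand-ins for the FPGAs running in parallel
FILTER_BYTES = 2    # the hardware compares only this much ciphertext per clock


def toy_encrypt(key: int, plaintext: bytes) -> bytes:
    """Stand-in for the cipher compiled into the FPGA design (NOT a real
    cipher): a keyed hash truncated to one 8-byte block."""
    return hashlib.sha256(key.to_bytes(4, "big") + plaintext).digest()[:8]


def engine_next_halt(plaintext: bytes, target: bytes,
                     start: int, resume_key: int, end: int) -> Optional[int]:
    """Model of one FPGA engine.  It was started at key `start` and tries one
    key per clock; after a restart it continues from `resume_key`.  It halts
    at the first key whose ciphertext matches `target` on FILTER_BYTES bytes
    and reports the clock count since start, or None if its slice is
    exhausted."""
    for key in range(resume_key, end):
        if toy_encrypt(key, plaintext)[:FILTER_BYTES] == target[:FILTER_BYTES]:
            return key - start
    return None


def host_search(plaintext: bytes, ciphertext: bytes) -> Tuple[Optional[int], int]:
    """The controlling PC.  Each engine owns one slice of the key space; the
    host takes whichever engine halts first, turns (engine, clocks) back
    into a candidate key, and does the full comparison itself.  On a false
    positive it restarts that engine one key further on.  Returns
    (recovered key or None, number of false positives seen)."""
    slice_size = (1 << KEY_BITS) // NUM_ENGINES
    starts = [e * slice_size for e in range(NUM_ENGINES)]
    ends = [s + slice_size for s in starts]
    halted: Dict[int, Optional[int]] = {
        e: engine_next_halt(plaintext, ciphertext, starts[e], starts[e], ends[e])
        for e in range(NUM_ENGINES)
    }
    false_positives = 0
    while True:
        live = [e for e in halted if halted[e] is not None]
        if not live:
            return None, false_positives          # key space exhausted
        e = min(live, key=lambda i: halted[i])    # the engine that halted first
        candidate = starts[e] + halted[e]         # narrowed down to one key
        if toy_encrypt(candidate, plaintext) == ciphertext:
            return candidate, false_positives
        false_positives += 1                      # filter hit, full check failed
        halted[e] = engine_next_halt(plaintext, ciphertext,
                                     starts[e], candidate + 1, ends[e])


def demo() -> bool:
    """Constructed secret key and known plaintext (not from the post)."""
    secret = 0x2C7A1                              # fits in KEY_BITS
    plaintext = b"known pt"
    found, _ = host_search(plaintext, toy_encrypt(secret, plaintext))
    return found == secret


if __name__ == "__main__":
    key, fps = host_search(b"known pt", toy_encrypt(0x2C7A1, b"known pt"))
    print("recovered key:", hex(key) if key is not None else None,
          "false positives handled by host:", fps)
```

The split of work is the point: the per-clock comparison in the engine is
kept small (a few ciphertext bytes), and the host only ever evaluates the
full cipher for the handful of candidates the engines report, so a
false-positive rate of one in 2^(8*FILTER_BYTES) keys costs the host
almost nothing while keeping the hardware design simple.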



------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: Okay "experts," how do you do it?
Date: 19 Sep 99 08:38:28 GMT

David A Molnar ([EMAIL PROTECTED]) wrote:
: [EMAIL PROTECTED] wrote:
: > : The output of incrementing from one to 2^googol is finite and unique,
: > : therefore the problem is solvable. I know at least one person who really
: > : does think this way. 

: > You don't count many mathematicians among your friends, do you?

: Are you referring to [EMAIL PROTECTED] or to my response?

Your response. A criticism was not intended: simply a statement that all
mathematicians "think that way" - although usually, only when appropriate,
for determining solvability in a theoretical sense, and they do also
realize that some problems are not solvable in practice due to time
constraints.

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: Ritter's paper
Date: 19 Sep 99 08:58:48 GMT

Terry Ritter ([EMAIL PROTECTED]) wrote:
: Moreover, the basic concept is wrong.  What is beyond Biham now may
: not be beyond the ordinary hacker after new technology is published.

Yes, I agree with that. Thus, I think we should use "unreasonably large"
key sizes, for example.

John:
: >: >(That the history of
: >: >cryptography is replete with systems that have been proposed for
: >: >serious use, but which had serious and obvious flaws, as Bruce noted,
: >: >is surely a fact beyond dispute.)

Terry:
: >: Yes.  But these data do not imply what you think they do.  They have
: >: shown weakness; they do not imply strength in the remaining ciphers.  

John:
: >No, they do not. But they imply that weakness is likely in an unexamined
: >cipher. The ones that have survived winnowing for obvious flaws have been
: >shown not to have that particular type of flaw.

Terry:
: Then I would suggest that you demand that paid academics who claim
: expertise in this area start serving the public good by performing
: such analysis on a broad scale.  

Rather than come up with a pseudo-Libertarian counterargument, upon
reflection I find that isn't that bad a suggestion, as long as one doesn't
use too broad a definition of "broad".

I'll settle for a much smaller request: that those cipher designers who
are currently respected design ciphers that are scaled up a bit more,
that include greater diversity of design, and that try to be more
fundamentally nonlinear or irregular.

: >Thus, in using a "new" cipher, I am taking a risk that a moderately
: >competent cryptanalyst might be able to break it. In using one that has
: >been extensively studied, I can - as a rough estimate - hope that it will
: >take an additional period of study, as long as that to which it has
: >already been subjected, before a flaw turns up.

: >(Yes, I am a Bayesian.)

: Yet that still does not make your logic correct.

It isn't ironclad like deductive logic, no.

: I agree with that.  But knowing the limits of this, I disagree that it
: is sufficient, and there has been no Schneier proposal to address the
: problem.

At least *once* he acknowledged the existence of the problem, as I
recently remembered: he noted that we don't have enough well-analyzed
ciphers to choose from.

: I not only imply, I directly state that the claim that a cipher is
: strong because it survives cryptanalysis is simply false.  The idea
: that we would bet our information society on any particular opinion
: about strength is frankly appalling.  

A cipher is not proven strong by surviving cryptanalysis. Such survival is
merely weak corroborating evidence of strength, which is the best thing we
have. It is not to be blindly relied upon - here you are correct - but
neither is it to be disdained.

quoting me again:
: >Obviously, you don't really mean that. You would not seriously offer to
: >the public an encryption program that enciphered people's messages using
: >10 algorithms taken from a pool of 1000 algorithms - that you had
: >developed for you by a local Grade Five class. You wouldn't do that;
: >nobody would. And the reasons you don't are the same reasons that are
: >behind what Bruce had said. So Bruce is not "just plain wrong".

: While I appreciate your attempts to get Schneier and myself to duke it
: out while you watch,

Well, I thought I've been doing exactly the opposite: stepping right into
the middle of the debate in order to get the advocates of both points of
view to recognize what is valid in the other side's perspective.

: this is a fundamental issue for cryptographic
: science, and not some sort of battle between sides.

Because I firmly believe that an ideological war is *not* the best climate
for the search for truth. There are two schools of thought, and in my
opinion each is incomplete.

: Schneier merely
: represents and promotes the currently accepted but false beliefs about
: what ciphers should be.  To that same extent, the other side deserves
: to be heard, and you will not hear about another side in his works or
: writings, and I call that deceptive.  

They are largely aimed at people who may lack cryptological
sophistication, and so they teach safe practice without exposing their
students to alternatives. This should perhaps be more clearly labelled, but
I wouldn't call a textbook on Strict Counterpoint deceptive.

John Savard

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (01/10: Overview)
Date: 19 Sep 1999 11:17:57 GMT
Reply-To: [EMAIL PROTECTED]

Archive-name: cryptography-faq/part01
Last-modified: 1999/06/27


This is the first of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read this part before the rest. We
don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.

Disclaimer: This document is the product of the Crypt Cabal, a secret
society which serves the National Secu---uh, no. Seriously, we're the
good guys, and we've done what we can to ensure the completeness and
accuracy of this document, but in a field of military and commercial
importance like cryptography you have to expect that some people and
organizations consider their interests more important than open
scientific discussion. Trust only what you can verify firsthand.
And don't sue us.

Many people have contributed to this FAQ. In alphabetical order:
Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison,
Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti,
William Setzer. We apologize for any omissions.

Archives: sci.crypt has been archived since October 1991 on
ripem.msu.edu, though these archives are available only to U.S. and
Canadian users. Another site is rpub.cl.msu.edu in /pub/crypt/sci.crypt/ 
from Jan 1992.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu 
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography 
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, 
sci.answers, and news.answers every 21 days.

The fields `Last-modified' and `Version' at the top of each part track
revisions.


1999: There is a project underway to reorganize, expand, and update the
sci.crypt FAQ, pending the resolution of some minor legal issues. The
new FAQ will have two pieces. The first piece will be a series of web
pages. The second piece will be a short posting, focusing on the
questions that really are frequently asked.

In the meantime, if you need to know something that isn't covered in the
current FAQ, you can probably find it starting from Ron Rivest's links
at <http://theory.lcs.mit.edu/~rivest/crypto-security.html>.

If you have comments on the current FAQ, please post them to sci.crypt
under the subject line Crypt FAQ Comments. (The crypt-comments email
address is out of date.)



Table of Contents
=================

1. Overview

2. Net Etiquette
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?

3. Basic Cryptology
3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it
  guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are
  relatively easy to break?
3.8. What are the basic types of cryptanalytic `attacks'?

4. Mathematical Cryptology
4.1. In mathematical terms, what is a private-key cryptosystem?
4.2. What is an attack?
4.3. What's the advantage of formulating all this mathematically?
4.4. Why is the one-time pad secure?
4.5. What's a ciphertext-only attack?
4.6. What's a known-plaintext attack?
4.7. What's a chosen-plaintext attack?
4.8. In mathematical terms, what can you say about brute-force attacks?
4.9. What's a key-guessing attack? What's entropy?

5. Product Ciphers
5.1. What is a product cipher?
5.2. What makes a product cipher secure?
5.3. What are some group-theoretic properties of product ciphers?
5.4. What can be proven about the security of a product cipher?
5.5. How are block ciphers used to encrypt data longer than the block size?
5.6. Can symmetric block ciphers be used for message authentication?
5.7. What exactly is DES?
5.8. What is triple DES?
5.9. What is differential cryptanalysis?
5.10. How was NSA involved in the design of DES?
5.11. Is DES available in software?
5.12. Is DES available in hardware?
5.13. Can DES be used to protect classified information?
5.14. What are ECB, CBC, CFB, and OFB encryption?

6. Public-Key Cryptography
6.1. What is public-key cryptography?
6.2. How does public-key cryptography solve cryptography's Catch-22?
6.3. What is the role of the `trapdoor function' in public key schemes?
6.4. What is the role of the `session key' in public key schemes?
6.5. What's RSA?
6.6. Is RSA secure?
6.7. What's the difference between the RSA and Diffie-Hellman schemes?
6.8. What is `authentication' and the `key distribution problem'?
6.9. How fast can people factor numbers?
6.10. What about other public-key cryptosystems?
6.11. What is the `RSA Factoring Challenge?'

7. Digital Signatures
7.1. What is a one-way hash function?
7.2. What is the difference between public, private, secret, shared, etc.?
7.3. What are MD4 and MD5?
7.4. What is Snefru?

8. Technical Miscellany
8.1. How do I recover from lost passwords in WordPerfect?
8.2. How do I break a Vigenere (repeated-key) cipher?
8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]
8.4. Is the UNIX crypt command secure?
8.5. How do I use compression with encryption?
8.6. Is there an unbreakable cipher?
8.7. What does ``random'' mean in cryptography?
8.8. What is the unicity point (a.k.a. unicity distance)?
8.9. What is key management and why is it important?
8.10. Can I use pseudo-random or chaotic numbers as a key stream?
8.11. What is the correct frequency list for English letters?
8.12. What is the Enigma?
8.13. How do I shuffle cards?
8.14. Can I foil S/W pirates by encrypting my CD-ROM?
8.15. Can you do automatic cryptanalysis of simple ciphers?
8.16. What is the coding system used by VCR+?

9. Other Miscellany
9.1. What is the National Security Agency (NSA)?
9.2. What are the US export regulations?
9.3. What is TEMPEST?
9.4. What are the Beale Ciphers, and are they a hoax?
9.5. What is the American Cryptogram Association, and how do I get in touch?
9.6. Is RSA patented?
9.7. What about the Voynich manuscript?

10. References
10.1. Books on history and classical methods
10.2. Books on modern methods
10.3. Survey articles
10.4. Reference articles
10.5. Journals, conference proceedings
10.6. Other
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
10.8. Electronic sources
10.9. RFCs (available from [FTPRF])
10.10. Related newsgroups

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (02/10: Net Etiquette)
Date: 19 Sep 1999 11:18:01 GMT
Reply-To: [EMAIL PROTECTED]

Archive-name: cryptography-faq/part02
Last-modified: 94/06/13


This is the second of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu 
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography 
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, 
sci.answers, and news.answers every 21 days.



Contents:

2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?


2.1. What groups are around? What's a FAQ? Who am I? Why am I here?

  Read news.announce.newusers and news.answers for a few weeks. Always
  make sure to read a newsgroup for some time before you post to it.
  You'll be amazed how often the same question can be asked in the same
  newsgroup. After a month you'll have a much better sense of what the
  readers want to see.

2.2. Do political discussions belong in sci.crypt?

  No. In fact some newsgroups (notably misc.legal.computing) were
  created exactly so that political questions like ``Should RSA be
  patented?'' don't get in the way of technical discussions. Many
  sci.crypt readers also read misc.legal.computing, comp.org.eff.talk,
  comp.patents, sci.math, comp.compression, talk.politics.crypto,
  et al.; for the benefit of people who don't care about those other
  topics, try to put your postings in the right group.

  Questions about microfilm and smuggling and other non-cryptographic
  ``spy stuff'' don't belong in sci.crypt either.

2.3. How do I present a new encryption scheme in sci.crypt?

  ``I just came up with this neat method of encryption. Here's some
  ciphertext: FHDSIJOYW^&%$*#@OGBUJHKFSYUIRE. Is it strong?'' Without a
  doubt questions like this are the most annoying traffic on sci.crypt.

  If you have come up with an encryption scheme, providing some
  ciphertext from it is not adequate. Nobody has ever been impressed by
  random gibberish. Any new algorithm should be secure even if the
  opponent knows the full algorithm (including how any message key is
  distributed) and only the private key is kept secret. There are some
  systematic and unsystematic ways to take reasonably long ciphertexts
  and decrypt them even without prior knowledge of the algorithm, but
  this is a time-consuming and possibly fruitless exercise which most
  sci.crypt readers won't bother with.

  So what do you do if you have a new encryption scheme? First of all,
  find out if it's really new. Look through this FAQ for references and
  related methods. Familiarize yourself with the literature and the
  introductory textbooks.

  When you can appreciate how your cryptosystem fits into the world at
  large, try to break it yourself! You shouldn't waste the time of tens
  of thousands of readers asking a question which you could have easily
  answered on your own.

  If you really think your system is secure, and you want to get some
  reassurance from experts, you might try posting full details of your
  system, including working code and a solid theoretical explanation, to
  sci.crypt. (Keep in mind that the export of cryptography is regulated
  in some areas.)

  If you're lucky an expert might take some interest in what you posted.
  You can encourage this by offering cash rewards---for instance, noted
  cryptographer Ralph Merkle is offering $1000 to anyone who can break
  Snefru-4---but there are no guarantees. If you don't have enough
  experience, then most likely any experts who look at your system will
  be able to find a flaw. If this happens, it's your responsibility to
  consider the flaw and learn from it, rather than just add one more
  layer of complication and come back for another round.

  A different way to get your cryptosystem reviewed is to have the NSA
  look at it. A full discussion of this procedure is outside the scope
  of this FAQ.

  Among professionals, a common rule of thumb is that if you want to
  design a cryptosystem, you have to have experience as a cryptanalyst.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
