Cryptography-Digest Digest #161, Volume #11      Sun, 20 Feb 00 06:13:01 EST

Contents:
  Re: NSA Linux and the GPL (Uri Blumenthal)
  Re: EOF in cipher??? (John Savard)
  Re: Question about OTPs (ChenNelson)
  Re: NIST publishes AES source code on web (John Savard)
  Re: EOF in cipher??? (wtshaw)
  Re: Question about OTPs ("Douglas A. Gwyn")
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Peter Rabbit)
  Re: UK publishes 'impossible' decryption law (Eric Smith)
  Re: UK publishes 'impossible' decryption law (Eric Smith)
  Re: Is Phi perfect? (Xcott Craver)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Tony L. Svanstrom)
  Re: Biggest keys needed (was Re: Does the NSA have ALL Possible PGP keys?) ([EMAIL PROTECTED])
  Cryptography FAQ (01/10: Overview) ([EMAIL PROTECTED])
  Cryptography FAQ (02/10: Net Etiquette) ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Uri Blumenthal <[EMAIL PROTECTED]>
Subject: Re: NSA Linux and the GPL
Date: Sat, 19 Feb 2000 21:39:51 -0500
Reply-To: [EMAIL PROTECTED]

"Douglas A. Gwyn" wrote:
> Oh, good grief!  NSA was one of the very first licensees of UNIX
> source code, and has had various flavors of UNIX, among numerous
> other OSes (including some devised within NSA), for decades.  There
> is no particular reason they need to use Linux as opposed to more
> fully developed genuine UNIX-based systems.

One reason could be the desire to use off-the-shelf PCs running
a Unix-like operating system, again off-the-shelf.

No doubt NSA could port one of their "flavors" of Unix, but
this game becomes boring very quickly. And Linux seems to
be "it", aka "popular Unix running on a PC".

> As another poster hinted, no matter how much the security of
> Linux is beefed up, it will not become Multi-Level Secure...

Hmm... Any reason why "it will not" (assuming there's a market
for MLS Linux)?
-- 
Regards,
Uri
-=-=-==-=-=-
<Disclaimer>

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: EOF in cipher???
Date: Sun, 20 Feb 2000 04:00:37 GMT

On Sun, 20 Feb 2000 01:33:39 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:

>The C programming language is
>defined by a certain standards document.

Which came out in previous editions.

The term "C programming" is usually applied, in the vernacular, to
programming for compilation on any compiler which, at one time,
compiled programs written in the C language as it was then understood,
whether that was at a time when a previous version of the standard was
in effect, or at a time before standardization documents existed for
the language.

Some features in recent C compilers, such as the declaration of the
types of function arguments in the function header, and the // form of
comment, have proven to be so useful and convenient that they have
been generally used in new programs.

But it is indeed a sound rule not to use any feature not found in the
very first C implementation, any feature that has not been a part of
the C language from the very beginning, any feature that is not a part
of every single compiler purporting to compile C or some subset
thereof ... without cause. One writes a program *that it may be of
use*; that is, that it may produce the results of a calculation on
various people's computers. Making it easy to compile the program on
just about any compiler, however inadequate, contributes to achieving
this goal.

------------------------------

From: [EMAIL PROTECTED] (ChenNelson)
Subject: Re: Question about OTPs
Date: 20 Feb 2000 04:37:11 GMT

Actually, in my lab class I think I've stumbled across a very
efficient way of generating a OTP. Take an oscilloscope, hook it to an
A/D board on the computer, and have the oscilloscope record noise.
Then, for all voltages >0 output a 1, and all voltages <0 record a 0
(or the other way around). Have the sample rate fast enough to be
efficient, but not too fast to preserve randomness (must statistically
test here, better to sample slower and be surer).

Later,
Nelson Chen


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NIST publishes AES source code on web
Date: Sun, 20 Feb 2000 04:31:44 GMT

On Sun, 20 Feb 2000 01:29:19 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:
>Mok-Kong Shen wrote:

>> ... Remembering that previously it has been the firm and resolute
>> opinions of a number of authorities (in more than one country)
>> that strong cryptos should be under strict control (particularly
>> the issue of export) and that (if I don't err) the crypto clauses
>> of the Wassenaar Agreement are still 'in force', this 'exception'
>> IS indeed remarkable.

>How so?  The US is not bound by the Wassenaar Agreement, because
>our Constitution requires that all foreign treaties be ratified
>by our Senate, which did not happen for the W.A. (thankfully).

As it is generally believed that the requirements of the Wassenaar
Agreement are less severe than those of the old U.S. export
restrictions, and are still less severe even than the restrictions
remaining under the changes to the law, I am somewhat puzzled by that
comment.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: EOF in cipher???
Date: Sat, 19 Feb 2000 21:58:53 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> JPeschel wrote:
> > Mok, if you are trying to learn C, I'd suggest you value
> > Doug's technical opinions over the opinions and coding
> > styles of others here, including myself.
> 
> Thanks, although I was careful to use "K&R" coding style
> rather than my own, on the principle that that is the one
> coding style that every C programmer has to be comfortable
> with.  In my own style, I use more white space, place the
> braces differently, and comment the variables more thoroughly.

I'm doing the best I can to learn correct syntax, white space formatting
is something different.  It makes more sense to have as much of the source
code before you at a glance, than to try to remember what was written
above or below what can be seen immediately.  A few comments should also
help, but doing something on every line is not necessary.

After 30+ years with Fortran and BASIC, I'm getting on with a third
flavor. There is lots to learn yet.  Needless to say, I'm following this
thread carefully.
-- 
Let's all sit back and watch the inhabitants of the political zoo 
perform in three rings.  It's more exciting than soap operas.  Then 
vote out anyone who has been in long enough to abuse things.  

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: Sun, 20 Feb 2000 05:42:08 GMT

Arthur Dardia wrote:
> I still say make a recording of what happens outside the window by your
> computer and mix that with your swap file (which should be really, really
> random - unless I'm mistaken), in addition to recording timings between
> keypresses, etc.

None of those are very "random", so combining them won't
produce a very random bit stream.

> Does it make sense that the more stupid stuff you include,
> the more random your data will become, or ...

That depends.  Why not just use a hardware random bit generator?

> Also, when combining multiple sources of data, should you concatenate the two
> files or data, or should you xor them together or perform some other operation
> on them.  Xoring the two would yield as much data as the bigger file holds,
> but concatenating the two files would give you more data.  Which is better,
> assuming you don't really need that much data...

Obviously, concatenation does not improve the "randomness"
of the bits of the sources.  XORing might help, but only
under some circumstances.

It appears to me that you're tackling a bigger problem
than you are currently equipped to solve.  That is
usually a mistake.
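Chen's threshold-sampled noise (the earlier post in this thread) and Gwyn's concatenate-versus-XOR point, worked through in one constructed Python example added here; this is not code from either poster. The AR(1) noise model, the source biases and the decimation factors are assumptions chosen for illustration:

```python
"""Added example (constructed, not from either post): turn simulated noise
into bits by sign, measure the two things Chen says must be tested (bias and
sample-to-sample correlation), and compare concatenation with XOR as ways
of combining two sources, which is what Gwyn's reply is about."""
import math
import random


def simulate_noise_bits(n_bits, decimate, rho=0.9, seed=1):
    """Assumed model of scope noise: an AR(1) voltage v[t] = rho*v[t-1] + g,
    so neighbouring samples are correlated. Keep every `decimate`-th sample
    and emit 1 for v > 0, 0 for v < 0. A small `decimate` models sampling
    faster than the noise decorrelates ("too fast to preserve randomness")."""
    rng = random.Random(seed)
    bits, v = [], 0.0
    for t in range(n_bits * decimate):
        v = rho * v + rng.gauss(0.0, 1.0)
        if t % decimate == decimate - 1:
            bits.append(1 if v > 0 else 0)
    return bits


def biased_bits(n, p_one, seed):
    """Constructed independent source that emits 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def bias(bits):
    """P(bit = 1) - 1/2; zero for a perfectly balanced source."""
    return sum(bits) / len(bits) - 0.5


def serial_correlation(bits):
    """Pearson correlation between each bit and the next one. Close to zero
    for independent samples, large when the sample rate was too fast."""
    x, y = bits[:-1], bits[1:]
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y)) / n
    vx = sum((a - mx) ** 2 for a in x) / n
    vy = sum((b - my) ** 2 for b in y) / n
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0


def concatenate(a, b):
    """More bits, but the bias is just the length-weighted average of the two."""
    return a + b


def xor_streams(a, b):
    """Bitwise XOR; output is as long as the shorter input."""
    return [p ^ q for p, q in zip(a, b)]


def piling_up(e1, e2):
    """Exact bias (as P(1) - 1/2) of the XOR of two INDEPENDENT bits with
    biases e1, e2: the product shrinks, which is why XOR can help. The
    formula assumes independence, so it says nothing about correlated inputs."""
    return -2 * e1 * e2


def demo(n=10000):
    fast = simulate_noise_bits(n, decimate=1)    # sampled faster than the noise decorrelates
    slow = simulate_noise_bits(n, decimate=30)   # sampled slowly: nearly independent bits
    a = biased_bits(n, 0.70, seed=2)             # bias +0.20
    b = biased_bits(n, 0.60, seed=3)             # bias +0.10
    return {
        "corr_fast": serial_correlation(fast),   # large: fast sampling leaves structure
        "corr_slow": serial_correlation(slow),   # near zero
        "bias_a": bias(a),
        "bias_b": bias(b),
        "bias_concat": bias(concatenate(a, b)),  # exactly the mean of the two biases
        "bias_xor": bias(xor_streams(a, b)),     # near piling_up(0.2, 0.1) = -0.04
        # XOR of a stream with its own shifted copy: correlated inputs, so the
        # result is far MORE biased than the input, not less.
        "bias_xor_shifted_self": bias(xor_streams(fast, fast[1:])),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>22}: {v:+.3f}")
```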

------------------------------

From: Peter Rabbit <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sun, 20 Feb 2000 07:06:14 GMT

Anthony Stephen Szopa wrote:
> 
> Joseph Ashwood wrote:
> >
> > I still think my favorite part is that it "Uses no
> > mathematical equations" and yet still manages to perform
> > operations that are inherently mathematic
> > (encryption/decryption).
> > And of course some more gems.
> > on the page http://www.ciphile.com/soon.html
> >     "with a key of less than 2,500 bytes  ... a security
> > level equivalent to 10,000 bits"
> >      5,000 bytes ......  15,000 bits
> >     10,000 bytes ......  40,000 bits
> >     50,000 bytes ...... 150,000 bits
> > If that's the case you have a serious problem, at least half
> > your bits are lost.
> >
> > The more I read about OAP-L3 the more I find it stupendously
> > moronic.
> >
> > "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in
> > message news:[EMAIL PROTECTED]...
> > > OAP-L3:  Original Absolute Privacy - Level3 Encryption
> > Software -
> > > Complete Help Files at web site
> > >
> > > Includes complete detailed explanation of entire
> > encryption
> > > software package:  theory, operation, etc.
> > >
> > > http://www.ciphile.com
> 
> The quote you refer to was part of a preliminary web page that should
> not have been placed on the web site.  It only suggested what was
> meant but was poorly expressed.
> 
> The "What's Ahead" web page is the correct one and I have seen that
> the offending page has been removed and replaced, etc.
> 
> I was unaware of this problem and did not realize the mistake even
> when you mentioned it.
> 
> Thanks for pointing it out.
> 
> AS
Hey guys, give the guy a break. If you think his programme is snake oil
then it should not be hard to show just that. Until then it is unfair to
judge his prog. out of hand. Maybe he's on to something. You all seem to
forget that before "Chris" the world was flat!
Peter Rabbit

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: 19 Feb 2000 23:20:27 -0800

zapzing <[EMAIL PROTECTED]> writes:
> I remember seeing in "Wired" magazine (forgot
> the issue) that an upgrade of the TCP/IP
> protocol is planned , and it is encrypted so that
> what the hackers did will be impossible.

The DDoS attack will probably *always* be possible.
Encrypting TCP connections (or IP) will not prevent it.

Even if 99.99% of the machines on the Internet were
secure against all known vulnerabilities (which will
never happen), the remaining 0.01% would be more than
sufficient for the script kiddies to infiltrate and
launch attacks.

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: 19 Feb 2000 23:25:29 -0800

zapzing <[EMAIL PROTECTED]> writes:
> I'm sure that in England, as in America,
> "ignorance is no excuse for the law".

Which America are you in?  Here in the U.S.A., ignorance
is one of the top excuses for a vast number of laws, followed
by stupidity and greed.

------------------------------

From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: Is Phi perfect?
Date: 20 Feb 2000 08:05:24 GMT

Frank the_root  <[EMAIL PROTECTED]> wrote:
>Hi,

        Hi, Frank the Root,

>I always thought that the Euler's Phi function ( Phi(n) ) was the
>function that gives the number of numbers relatively prime to n and
>smaller than n by the multiplication of each prime factor of n reduced
>by one. 

        That's not how Phi(n) is defined.

        When n is a product of distinct primes pq (as occurs in RSA,)
        it is true that Phi(n) = Phi(pq) = (p-1)(q-1).  However, this
        is a special case:  in general, Phi(n) is defined as

          Phi(n) = n * (1 - 1/p)(1 - 1/q)(...)

        where p,q,... are the distinct prime factors of n.  So:

>For example: Let's determine the number of numbers relatively prime to
>125: 125 = 5³, so we can see that at each 5 numbers, 4 of them are
>relatively prime to 125. 125 × (5/4) = 42 != (5-1)(5-1)(5-1)

        Phi(125) = 125*(1-1/5) = 125*(4/5) = 100.

>Phi(9) (3-1)(3-1) != 6

        Phi(9) = 9*(1-1/3) == 6

>Phi(16): (2-1)(2-1)(2-1)(2-1) != 8

        Phi(16) = 16*(1-1/2) == 8

>Phi(49): (7-1)(7-1) != 42

        Phi(49) = 49*(1-1/7) == 42 

>Frank
                                                -Xcott
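The product formula Xcott gives, worked through as an added Python example (not code from the thread): the general Phi(n) = n * prod(1 - 1/p) over the distinct primes, checked against the brute-force gcd count, next to the RSA special case (p-1)(q-1) and Frank's "one factor of (p-1) per prime counted with multiplicity" rule, which only agrees when n is squarefree. The function names and the sample RSA primes 61 and 53 are assumptions for illustration:

```python
"""Added example (not from the thread): Euler's totient from the general
product formula, verified by brute force, compared with (p-1)(q-1) and with
the incorrect with-multiplicity rule."""
from math import gcd


def prime_factors(n):
    """Prime factorisation of n as {prime: exponent}, by trial division."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n):
    """Phi(n) = n * prod(1 - 1/p) over the DISTINCT primes p dividing n.
    Done in integers as n * prod((p-1)/p): divide by p first (exact, since
    p | n at every step), then multiply by p-1, so no floating point."""
    result = n
    for p in prime_factors(n):
        result = result // p * (p - 1)
    return result


def phi_bruteforce(n):
    """The definition itself: count k in 1..n with gcd(k, n) == 1."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def phi_with_multiplicity(n):
    """Frank's rule: one factor of (p-1) per prime counted WITH multiplicity.
    Agrees with phi(n) only when n is squarefree; for 5^3 it gives 4^3."""
    result = 1
    for p, e in prime_factors(n).items():
        result *= (p - 1) ** e
    return result


def phi_rsa(p, q):
    """Special case for an RSA modulus n = p*q with distinct primes p, q."""
    return (p - 1) * (q - 1)


if __name__ == "__main__":
    for n in (125, 9, 16, 49):   # the values from Frank's post
        print(n, prime_factors(n), phi(n), phi_bruteforce(n), phi_with_multiplicity(n))
    print(3233, phi(3233), phi_rsa(61, 53))   # squarefree: both agree
```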


------------------------------

From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Sun, 20 Feb 2000 09:48:35 +0100

Peter Rabbit <[EMAIL PROTECTED]> wrote:

> Hey guys, give the guy a break. If you think is programme is snake oil
> then it should not be hard to show just that. Until then it is unfair to
> judge his prog. out of hand. Maybe he's on to something. You all seem to
> forget that before "Chris" the world was flat!

Just take a look at this site...


     /Tony
-- 
     /\___/\ Who would you like to read your messages today? /\___/\
     \_@ @_/  Protect your privacy:  <http://www.pgpi.com/>  \_@ @_/
 --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
 DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82  78A6 647F F247 9363 F1DB
 ---ôôô---ôôô-----------------------------------------------ôôô---ôôô---
    \O/   \O/  ©1999  <http://www.svanstrom.com/?ref=news>  \O/   \O/

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Biggest keys needed (was Re: Does the NSA have ALL Possible PGP  keys?)
Date: Sun, 20 Feb 2000 09:23:49 GMT

On Tue, 01 Feb 2000 19:41:14 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

<snip>

>This issue came up a few months ago.  If every possible position in the
>observable universe is a computer that tests a key in the Fermi time and they
>all run until the breakdown of protons (1e31 years by a stale theory), then you
>need a key of ~870 bits to prevent it being found.
>
>N.B., this is as close as I can envision to Ritter's "Cryptanalyst's Stone"
>
>>
>>
>> Is that still big enough given quantum computing advances? Can it be? (The
>> only quantum computers I've been able to understand are Feynman's
>> description, which focusses more on reversability than parallelism.)
>
>QC gives you around sqrt() advantage, so doubling the key yields about the same
>strength.
>

I recall seeing a post sometime in the last month or so in sci.crypt
citing a theorem or paper (the name of the proponent of the theorem
started with R, I think) that quantified the impact that quantum
computing would have on factoring.  However I cannot now find the ref
or the post. Is anyone aware of such a theorem and/or paper, and can
post a reference?  

I thought that the impact of QC was much greater than is suggested in
Trevor's post - that is in theory, QC factoring of *very* large
products of primes would be close to instantaneous.


------------------------------

Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (01/10: Overview)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 20 Feb 2000 10:16:39 GMT

Archive-name: cryptography-faq/part01
Last-modified: 1999/06/27


This is the first of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read this part before the rest. We
don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.

Disclaimer: This document is the product of the Crypt Cabal, a secret
society which serves the National Secu---uh, no. Seriously, we're the
good guys, and we've done what we can to ensure the completeness and
accuracy of this document, but in a field of military and commercial
importance like cryptography you have to expect that some people and
organizations consider their interests more important than open
scientific discussion. Trust only what you can verify firsthand.
And don't sue us.

Many people have contributed to this FAQ. In alphabetical order:
Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison,
Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti,
William Setzer. We apologize for any omissions.

Archives: sci.crypt has been archived since October 1991 on
ripem.msu.edu, though these archives are available only to U.S. and
Canadian users. Another site is rpub.cl.msu.edu in /pub/crypt/sci.crypt/ 
from Jan 1992.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu 
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography 
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, 
sci.answers, and news.answers every 21 days.

The fields `Last-modified' and `Version' at the top of each part track
revisions.


1999: There is a project underway to reorganize, expand, and update the
sci.crypt FAQ, pending the resolution of some minor legal issues. The
new FAQ will have two pieces. The first piece will be a series of web
pages. The second piece will be a short posting, focusing on the
questions that really are frequently asked.

In the meantime, if you need to know something that isn't covered in the
current FAQ, you can probably find it starting from Ron Rivest's links
at <http://theory.lcs.mit.edu/~rivest/crypto-security.html>.

If you have comments on the current FAQ, please post them to sci.crypt
under the subject line Crypt FAQ Comments. (The crypt-comments email
address is out of date.)



Table of Contents
=================

1. Overview

2. Net Etiquette
2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?

3. Basic Cryptology
3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key?
3.2. What references can I start with to learn cryptology?
3.3. How does one go about cryptanalysis?
3.4. What is a brute-force search and what is its cryptographic relevance?
3.5. What are some properties satisfied by every strong cryptosystem?
3.6. If a cryptosystem is theoretically unbreakable, then is it
  guaranteed analysis-proof in practice?
3.7. Why are many people still using cryptosystems that are
  relatively easy to break?
3.8. What are the basic types of cryptanalytic `attacks'?

4. Mathematical Cryptology
4.1. In mathematical terms, what is a private-key cryptosystem?
4.2. What is an attack?
4.3. What's the advantage of formulating all this mathematically?
4.4. Why is the one-time pad secure?
4.5. What's a ciphertext-only attack?
4.6. What's a known-plaintext attack?
4.7. What's a chosen-plaintext attack?
4.8. In mathematical terms, what can you say about brute-force attacks?
4.9. What's a key-guessing attack? What's entropy?

5. Product Ciphers
5.1. What is a product cipher?
5.2. What makes a product cipher secure?
5.3. What are some group-theoretic properties of product ciphers?
5.4. What can be proven about the security of a product cipher?
5.5. How are block ciphers used to encrypt data longer than the block size?
5.6. Can symmetric block ciphers be used for message authentication?
5.7. What exactly is DES?
5.8. What is triple DES?
5.9. What is differential cryptanalysis?
5.10. How was NSA involved in the design of DES?
5.11. Is DES available in software?
5.12. Is DES available in hardware?
5.13. Can DES be used to protect classified information?
5.14. What are ECB, CBC, CFB, and OFB encryption?

6. Public-Key Cryptography
6.1. What is public-key cryptography?
6.2. How does public-key cryptography solve cryptography's Catch-22?
6.3. What is the role of the `trapdoor function' in public key schemes?
6.4. What is the role of the `session key' in public key schemes?
6.5. What's RSA?
6.6. Is RSA secure?
6.7. What's the difference between the RSA and Diffie-Hellman schemes?
6.8. What is `authentication' and the `key distribution problem'?
6.9. How fast can people factor numbers?
6.10. What about other public-key cryptosystems?
6.11. What is the `RSA Factoring Challenge?'

7. Digital Signatures
7.1. What is a one-way hash function?
7.2. What is the difference between public, private, secret, shared, etc.?
7.3. What are MD4 and MD5?
7.4. What is Snefru?

8. Technical Miscellany
8.1. How do I recover from lost passwords in WordPerfect?
8.2. How do I break a Vigenere (repeated-key) cipher?
8.3. How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]
8.4. Is the UNIX crypt command secure?
8.5. How do I use compression with encryption?
8.6. Is there an unbreakable cipher?
8.7. What does ``random'' mean in cryptography?
8.8. What is the unicity point (a.k.a. unicity distance)?
8.9. What is key management and why is it important?
8.10. Can I use pseudo-random or chaotic numbers as a key stream?
8.11. What is the correct frequency list for English letters?
8.12. What is the Enigma?
8.13. How do I shuffle cards?
8.14. Can I foil S/W pirates by encrypting my CD-ROM?
8.15. Can you do automatic cryptanalysis of simple ciphers?
8.16. What is the coding system used by VCR+?

9. Other Miscellany
9.1. What is the National Security Agency (NSA)?
9.2. What are the US export regulations?
9.3. What is TEMPEST?
9.4. What are the Beale Ciphers, and are they a hoax?
9.5. What is the American Cryptogram Association, and how do I get in touch?
9.6. Is RSA patented?
9.7. What about the Voynich manuscript?

10. References
10.1. Books on history and classical methods
10.2. Books on modern methods
10.3. Survey articles
10.4. Reference articles
10.5. Journals, conference proceedings
10.6. Other
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
10.8. Electronic sources
10.9. RFCs (available from [FTPRF])
10.10. Related newsgroups

------------------------------

Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (02/10: Net Etiquette)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 20 Feb 2000 10:16:40 GMT

Archive-name: cryptography-faq/part02
Last-modified: 94/06/13


This is the second of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in the last part.

The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu 
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography 
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, 
sci.answers, and news.answers every 21 days.



Contents:

2.1. What groups are around? What's a FAQ? Who am I? Why am I here?
2.2. Do political discussions belong in sci.crypt?
2.3. How do I present a new encryption scheme in sci.crypt?


2.1. What groups are around? What's a FAQ? Who am I? Why am I here?

  Read news.announce.newusers and news.answers for a few weeks. Always
  make sure to read a newsgroup for some time before you post to it.
  You'll be amazed how often the same question can be asked in the same
  newsgroup. After a month you'll have a much better sense of what the
  readers want to see.

2.2. Do political discussions belong in sci.crypt?

  No. In fact some newsgroups (notably misc.legal.computing) were
  created exactly so that political questions like ``Should RSA be
  patented?'' don't get in the way of technical discussions. Many
  sci.crypt readers also read misc.legal.computing, comp.org.eff.talk,
  comp.patents, sci.math, comp.compression, talk.politics.crypto,
  et al.; for the benefit of people who don't care about those other
  topics, try to put your postings in the right group.

  Questions about microfilm and smuggling and other non-cryptographic
  ``spy stuff'' don't belong in sci.crypt either.

2.3. How do I present a new encryption scheme in sci.crypt?

  ``I just came up with this neat method of encryption. Here's some
  ciphertext: FHDSIJOYW^&%$*#@OGBUJHKFSYUIRE. Is it strong?'' Without a
  doubt questions like this are the most annoying traffic on sci.crypt.

  If you have come up with an encryption scheme, providing some
  ciphertext from it is not adequate. Nobody has ever been impressed by
  random gibberish. Any new algorithm should be secure even if the
  opponent knows the full algorithm (including how any message key is
  distributed) and only the private key is kept secret. There are some
  systematic and unsystematic ways to take reasonably long ciphertexts
  and decrypt them even without prior knowledge of the algorithm, but
  this is a time-consuming and possibly fruitless exercise which most
  sci.crypt readers won't bother with.

  So what do you do if you have a new encryption scheme? First of all,
  find out if it's really new. Look through this FAQ for references and
  related methods. Familiarize yourself with the literature and the
  introductory textbooks.

  When you can appreciate how your cryptosystem fits into the world at
  large, try to break it yourself! You shouldn't waste the time of tens
  of thousands of readers asking a question which you could have easily
  answered on your own.

  If you really think your system is secure, and you want to get some
  reassurance from experts, you might try posting full details of your
  system, including working code and a solid theoretical explanation, to
  sci.crypt. (Keep in mind that the export of cryptography is regulated
  in some areas.)

  If you're lucky an expert might take some interest in what you posted.
  You can encourage this by offering cash rewards---for instance, noted
  cryptographer Ralph Merkle is offering $1000 to anyone who can break
  Snefru-4---but there are no guarantees. If you don't have enough
  experience, then most likely any experts who look at your system will
  be able to find a flaw. If this happens, it's your responsibility to
  consider the flaw and learn from it, rather than just add one more
  layer of complication and come back for another round.

  A different way to get your cryptosystem reviewed is to have the NSA
  look at it. A full discussion of this procedure is outside the scope
  of this FAQ.

  Among professionals, a common rule of thumb is that if you want to
  design a cryptosystem, you have to have experience as a cryptanalyst.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
