On 1/7/2015 3:32 PM, Warren Kumari wrote:
On Wed, Jan 7, 2015 at 3:09 PM, Kevin <[email protected]> wrote:
On 1/7/2015 2:40 PM, Jeffrey Goldberg wrote:
On 2015-01-07, at 12:26 PM, Kevin <[email protected]> wrote:
Any company could review it and decide if it's worth using or not.
Hi Kevin.
Actually that’s a part of my job within the company I work for. I’m the
one who can read some of the primary literature in cryptography. Now this
makes me unusual, not a lot of companies our size have someone with my
skills.
But I would be useless at evaluating your algorithm. I don’t know how to
check for linearity in S-Boxes; I don’t know what properties to look for in a
key schedule; I don’t know how to look for related key attacks, etc. I’ve
never broken anything and wouldn’t really know where to begin trying to
break something.
So what I do is rely on expert advice and err toward being conservative.
My understanding of both the process by which AES was developed and chosen
along with the extensive research on it is that it remains a very good choice
as a block cipher.
So if I were to “review” your algorithm for my company, I wouldn’t do it
by actually reading the code, I would ask exactly the same sorts of
questions that you have been presented with:
(1) Does it offer me some valuable feature that isn’t available in more
standard alternatives?
If “no”, there really is no reason to look at it further.
(2) Is there good reason to believe that it has all of the security
properties I depend on of what I am already using?
If “no”, there is no reason for me to look at it further.
(3) Is there a clear design document that explains how it is supposed to
achieve its claimed security properties?
This is part of (2), but I wanted to break it into its own point. I can
read — slowly and with effort — the descriptions of the designs of the
things that I do use. I don’t get all of the finer points, but I see how
problems that I never even would have thought of are addressed.
As others have suggested, this is what you should START with.
(4) What does the expert community say about it?
If it hasn’t been sufficiently studied, then even if it is a complete work
of genius, I’m going to wait until people who know how to evaluate things
have done so.
(5) Are there “safe” implementations of it available for me to use?
An implementation needs to not only implement the algorithm, but guard
against side-channel attacks.
There are other things as well. All of which your system fails at without
anyone having to look at the code.
I am not going to take it down. Freedom, boys and girls, freedom.
Good for you. Now if you actually want people to start looking at it,
start with addressing my point (3). If you don’t make it easy for people to
analyze your system, it is not going to receive the expert scrutiny required
to meet some of the other criteria.
But the concern is that there are software developers out there who don’t
pay attention to the criteria that I listed. So, sure, go ahead and play
with ideas. But please put some prominent notes that it hasn’t been
evaluated and was designed by someone with no expertise, and so should only
be used for playing around.
And if you would like expert evaluation, you need to help those experts.
There are lots of lone crackpots out there who think that they are lone
geniuses. You are going to show that it isn’t a complete waste of experts’
time to look at your stuff.
Cheers,
-j
J. I think it's great that you can look at this sort of thing from all
angles. The security lies in data with a salt added to data which is
rotated to the left by the length of bytes. I won't insult your
intelligence by rehashing the formula as it is clearly written in the code.
Errr... *which* code? Where?
Sum total of what is published (that I could find) is:
https://github.com/kjsisco/qode/blob/master/qode.au3
containing 5 lines:
-----
qode
====
An encryption algorithm
-----
Perhaps you have missed the fact that you need to git push? Or is
there some other location that I missed somewhere?
W
The point is, do you feel this provides the level of security that you
desire? If the answer is no, in the trash can it goes!
--
Kevin
---
This email is free from viruses and malware because avast! Antivirus
protection is active.
http://www.avast.com
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
Code:
;QODE(Quick Offline Data Encryption)
;by
;Kevin J. Sisco ([email protected])
;provides strong encryption for data entered
;written in Autoit
$i = Inputbox(" ", "Enter data")
$b = StringToBinary($i)
;convert to binary
$s = StringToBinary("the data is now secure")
;salt
$salt = $b+$s
;add salt to input
$l = BinaryLen($b)
;length in bytes
$br = BitRotate($b, $l)
;left bit rotation
$x = BitXor($br, $l)
;xor of rotation and length
$y = @YEAR
;current year
$r = Random(20, 50)
;random number
$formula = $salt+$br+$x+$y+10+32+$r*100
;formula
$t = $formula*$formula*$formula*Log($formula)
;total
$o = FileOpen("output.txt", 1)
;create output file
FileWriteLine($o, $formula)
;store the result
FileFlush($o)
;flush buffer to disk
FileClose($o)
;close the stream
--
Kevin