
A proposal for Bruce Schneir re GreatEncryption


Gary Eaker

Oct 17, 2002, 3:27:14 AM
Considering the confidence of Mr. Schneider I propose the following:
I will publicize the algorithm in addition to 60k more data for
codebreakers soon to be added to the website. If Mr. Schneider or
anyone else wins the contest I will post a picture on the web of
myself in my Labrador's doghouse with text that reads "Great
Encryption belongs here" for one week.
But when August of 2007 rolls around without anyone winning the
contest Mr. Schneider will post a picture of himself for one week
wearing a dunce cap with a caption that reads "Great Encryption wins."
With ample time and world assistance surely he would not shrink from
such an easy challenge? I await his reply. Manny, I leave this for you
to take to your master. Take flight!

Sounds like a fun side bet doesn't it? How will Bruce be able to
resist? Oh sure, I will have to wait five years for my satisfaction
but think of Bruce. Why, according to some lesser crypto-gods haunting
scicrypt he may only have to wait a matter of hours once the algorithm
is known! Such a deal!

The data to be added to the website for codebreakers will consist of
three new plaintext messages (each 5k long) with two corresponding
ciphertexts for each. A 5k ciphertext with the plaintext to be
revealed 8-3-07 to go with the short message made with the tenth key
will also be added. All of the above data will be made with the same
tenth key. The tenth key itself (encrypted of course) will also be
posted with the other data.

Now some may argue that this isn't the right type of contest for
encryption software. I disagree. This is more data than should be
provided for codebreakers who can really crack codes. It seems to me
that a codebreaker worth his salt should be able to crack codes simply
from intercepting ciphertext once an algorithm is known.

Please let me know where to email the source code. Is there more than
one place encryption source code is routinely sent to?

Thanks for your help,

Gary Eaker
Ga...@GreatEncryption.com

David Wagner

Oct 17, 2002, 4:14:54 AM
Gary Eaker wrote:
>I will publicize the algorithm in addition to 60k more data for
>codebreakers soon to be added to the website. If Mr. Schneider or
>anyone else wins the contest I will post a picture on the web of
>myself in my Labrador's doghouse with text that reads "Great
>Encryption belongs here" for one week.

Sorry, but that's a silly proposal [1]. Have you read the sci.crypt and
sci.crypt.research FAQs? Such contests prove nothing about the security
of the encryption algorithm.

[1] But the picture you painted *was* amusing, and I'd give your proposal
points for humor value, at least. :-)

SCOTT19U.ZIP_GUY

Oct 17, 2002, 9:41:21 AM
Ga...@GreatEncryption.com (Gary Eaker) wrote in
<dcc0d664.02101...@posting.google.com>:

>
>Sounds like a fun side bet doesn't it? How will Bruce be able to
>resist? Oh sure, I will have to wait five years for my satisfaction
>but think of Bruce. Why, according to some lesser crypto-gods haunting
>scicrypt he may only have to wait a matter of hours once the algorithm
>is known! Such a deal!

If he can break it in a few days he would take you up on it.
However don't hold your breath; the man seems to have a great hate
for people that write there on crypto. Since he already has called
your crypto snake oil it will wear that label for ever even if it's damn
good.

I do have a few questions since I have run my own contests
lasting more than a year before.
1) Do you have the source code so one can look at it? I did.
2) Do you hide weakness by using the random crap thing that
makes it harder to break but does not really test the
underlying method to its strength? I made my contest so
the same plaintext goes to the same cipher code. You can always
add the random crap later once you have proven your method
is good.
3) Pick an encryption contest that someone using a weak AES or
similar Fishy method could not duplicate. Example: Take a
long text file, encrypt it with key X, give the plaintext
file along with the encrypted file as output. Next take
the plaintext file and in secret change 16 characters
of the plaintext file; change only characters in the
middle third. Encrypt it with a new encryption key.
Give the attackers the full second encrypted file minus
the last 16 bytes; even give them the second key. So to break
the encryption they either find the changed 16 characters
of the plaintext or they find the last 16 characters of missing
ciphertext. I could run a contest like this due to the strength of
scott16u or scott19u. I doubt your method is strong enough for this
since AES crypto is not. However you might be able to design a
contest where one using AES would fail and yours would not.

David A. Scott
--
My Crypto code
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott16u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptographic
system is only as strong as its weakest link"

Gary Eaker

Oct 17, 2002, 11:40:08 AM
> [1] But the picture you painted *was* amusing, and I'd give your proposal
> points for humor value, at least. :-)

I accept the humor points and will read what you rcmd'd. ;-)
Who knows, maybe Bruce will be unable to resist the temptation of the
bet? I'll wait for his reply. The picture of him in a dunce cap
strikes me as very funny. Oh, I did misspell his name several times as
Schneider instead of Schneier unintentionally. Sorry Bruce.

Raging Bull

Oct 17, 2002, 1:22:41 PM
to Ga...@greatencryption.com
In article <dcc0d664.02101...@posting.google.com>

Ga...@GreatEncryption.com (Gary Eaker) wrote:
>
> Considering the confidence of Mr. Schneider I propose the
> following:
> I will publicize the algorithm in addition to 60k more
> data for codebreakers soon to be added to the website.
---------------------------
SNIIIIIIIP a Roonie.
---------------------------

> Please let me know where to email the source code. Is there
> more than one place encryption source code is routinely sent
> to?
>
> Thanks for your help,
>
> Gary Eaker
> Ga...@GreatEncryption.com


Why should I use your encryption over PGP 6.5.8?

PGP has been tested.


- Raging Bull firkin AT redneck DOT gacracker DOT org
"DoublePlus UnGood ThoughtCrime"

Scott Contini

Oct 17, 2002, 3:54:04 PM
d...@mozart.cs.berkeley.edu (David Wagner) wrote in message news:<aolrhu$19ni$1...@agate.berkeley.edu>...

> Gary Eaker wrote:
> >I will publicize the algorithm in addition to 60k more data for
> >codebreakers soon to be added to the website. If Mr. Schneider or
> >anyone else wins the contest I will post a picture on the web of
> >myself in my Labrador's doghouse with text that reads "Great
> >Encryption belongs here" for one week.
>
> Sorry, but that's a silly proposal [1]. Have you read the sci.crypt and
> sci.crypt.research FAQs? Such contests prove nothing about the security
> of the encryption algorithm.
>

I agree. It always amuses me how somebody who knows very little about
a subject thinks they designed a new, great solution. This would be
like somebody claiming to design a new, better engine without knowing
anything about past engine designs. Cryptography is a field that has
developed over centuries based upon learning from mistakes. If you have
not spent the time to read about the history and learn about the
mistakes that are commonly made, it is almost certain that you are going
to repeat them. Your challenge and your website demonstrate a general
lack of understanding of security principles. Let me ask you this: what
encryption methods have you broken? Do you understand the concepts of
differential cryptanalysis and linear cryptanalysis? What makes you so
confident that your encryption method resists these types of attacks?
Even if it did, the extreme slowness of your encryption method makes it
of no interest. It is much more difficult to design a fast, secure
encryption method than it is a slow one.

Post your code and maybe somebody qualified will look at it
(Unfortunately, I am overly busy with other projects for the next two
months, but somebody here with some free time may do it). In the mean
time, you ought to start reading up on cryptography and begin to
understand why your challenge is nonsense. The sci.crypt FAQ is one
source. You could also read the snake oil FAQ. And, even though the
paper is normally associated with the advent of public key cryptography,
"New Directions in Cryptography" explains many of the problems with what
you are doing: secrecy of design and ciphertext-only challenges are very
bad assumptions to rely upon when trying to design a secure encryption
method. (Yes, I know you claim that it is secure even if the method is
published, but that is a lot easier to say when nobody has seen it yet
to prove you wrong. No well-educated cryptographer would make such a
claim). The regulars of sci.crypt have seen stuff like this over and
over again, and it just gets old after a while. Most people just do not
understand how things get broken. It is hard to take a challenge like
this seriously when you're doing things entirely the wrong way, and you
have no qualifications of being a cryptographer. That sounds rude, but
it is the reality.

Scott

Tom St Denis

Oct 17, 2002, 4:01:10 PM
david_...@emailv.com (SCOTT19U.ZIP_GUY) wrote in message news:<92AA4DD52H110W...@207.217.77.26>...

> Ga...@GreatEncryption.com (Gary Eaker) wrote in
> <dcc0d664.02101...@posting.google.com>:
>
> >
> >Sounds like a fun side bet doesn't it? How will Bruce be able to
> >resist? Oh sure, I will have to wait five years for my satisfaction
> >but think of Bruce. Why, according to some lesser crypto-gods haunting
> >scicrypt he may only have to wait a matter of hours once the algorithm
> >is known! Such a deal!
>
> If he can break it in a few days he would take you up on it.
> However don't hold your breath the man seems to have a great hate
> for people that write there on crypto.

Or peopel woo cant spel vary good.

> Since he already has called
> your crypto snake oil it will wear that label for ever even if it's damn
> good.

Non-snake-oil designs can be weak too. "Strong" designs are those
that have academic merit and resist cryptanalysis. Being shrouded in
obscurity [e.g. undisclosed, unpublished or just poorly presented]
doesn't generally mean it's a good design.

> I do have a few questions since I have run my own contests
> lasting more than a year before.

"contest" with no contestants... hmm I wonder why...?

> 1) Do you have the source code so one can look at it I did.

Your code, last I looked, is horrible and not an example of good
coding practices. You openly admit that portable code is not one of
your goals, etc..

Also, while source code is good, analysis of a design should start
higher up, e.g. the proposal paper.

Tom

Rahul Dhesi

Oct 17, 2002, 4:31:50 PM
tomst...@yahoo.com (Tom St Denis) writes:

>Your code, last I looked, is horrible and not an example of good
>coding practices. You openly admit that portable code is not one of
>your goals, etc..

In all fairness, it should be noted that ALL the sample code published
for the final round of AES was horrendously non-portable. I was trying
to find a good encryption algorithm in late 2000, and I tried all the
final-round AES candidates except RC6:

MARS, Rijndael, Serpent, Twofish

and in NONE of these cases was I able to get the published C code to
give consistent results on Microsoft NT 4.x, RedHat Linux 7.0, FreeBSD
4.x, and Solaris 2.7. I gave up and used 3DES from the OpenSSL library,
which worked right the first time. Any cryptographer being criticized
for nonportable code is being held to a much higher standard than NIST
required during the AES selection process.
--
Rahul

SCOTT19U.ZIP_GUY

Oct 17, 2002, 5:08:07 PM
con...@matmail.com (Scott Contini) wrote in
<6f35025c.02101...@posting.google.com>:

>d...@mozart.cs.berkeley.edu (David Wagner) wrote in message
>news:<aolrhu$19ni$1...@agate.berkeley.edu>...
>> Gary Eaker wrote:
>> >I will publicize the algorithm in addition to 60k more data for
>> >codebreakers soon to be added to the website. If Mr. Schneider or
>> >anyone else wins the contest I will post a picture on the web of
>> >myself in my Labrador's doghouse with text that reads "Great
>> >Encryption belongs here" for one week.
>>
>> Sorry, but that's a silly proposal [1]. Have you read the sci.crypt
>> and sci.crypt.research FAQs? Such contests prove nothing about the
>> security of the encryption algorithm.
>>
>
>I agree. It always amuses me how somebody who knows very little about
>a subject thinks they designed a new, great solution. This would be
>like somebody claiming to design a new, better engine without knowing
>anything about past engine designs. Cryptography is a field that has
>developed over centuries based upon learning from mistakes. If you have
>not spent the

Ignore his rant. Crypto is like anything else. Look at the Glock:
it was made by someone with little knowledge about guns and it's
one of the best. Look at underwater rebreathers; those were done
by those new to the field. Or look at noble gas compounds. Lack
of knowledge does hurt in building good crypto in many cases.
But in some cases a little new blood can only help.

SCOTT19U.ZIP_GUY

Oct 17, 2002, 5:13:01 PM
c.c....@90.usenet.us.com (Rahul Dhesi) wrote in
<aon6nm$coh$1...@blue.rahul.net>:

Thank you for commenting. I don't read Tommy's crap since he is in
my killfile. I would have liked to contribute to parts of the NIST thing
but it was not a really open contest. I thought I could also contribute
to the modes part but it's really just a bunch of pretend know-it-alls
patting themselves on the back. I am not sure how many think good
crypto will come of it. If you want to see a good application
of the final cipher using full block AES in a bijective way
with good compression check out BICOM. No, it's not mine.

Paul Crowley

Oct 17, 2002, 7:25:08 PM
c.c....@90.usenet.us.com (Rahul Dhesi) writes:
> In all fairness, it should be noted that ALL the sample code published
> for the final round of AES was horrendously non-portable. I was trying
> to find a good encryption algorithm in late 2000, and I tried all the
> final-round AES candidates except RC6:
>
> MARS, Rijndael, Serpent, Twofish
>
> and in NONE of these cases was I able to get the published C code to
> give consistent results on Microsoft NT 4.x, RedHat Linux 7.0, FreeBSD
> 4.x, and Solaris 2.7. I gave up and used 3DES from the OpenSSL library,
> which worked right the first time. Any cryptographer being criticized
> for nonportable code is being held to a much higher standard than NIST
> required during the AES selection process.

Brian Gladman's implementations were portable, weren't they?

I'm particularly surprised about Rijndael - I don't think I'd know how
to write a non-portable implementation if I wanted to.
--
__ Paul Crowley
\/ o\ s...@paul.ciphergoth.org
/\__/ http://www.ciphergoth.org/

Rahul Dhesi

Oct 17, 2002, 8:14:45 PM
Paul Crowley <pa...@JUNKCATCHER.ciphergoth.org> writes:

>c.c....@90.usenet.us.com (Rahul Dhesi) writes:
>> In all fairness, it should be noted that ALL the sample code published
>> for the final round of AES was horrendously non-portable. I was trying

>> to find a good encryption algorithm in late 2000...

>Brian Gladman's implementations were portable, weren't they?

>I'm particularly surprised about Rijndael - I don't think I'd know how
>to write a non-portable implementation if I wanted to.

Alas, I no longer remember which specific implementations I tested.
This was in late 2000 for a customer, and I did not keep any personal
records of my work. I spent an intense two weeks doing many Google
searches and downloading all available C source that I could find. In
many cases the code was not only byte-order-dependent but also
C-compiler-dependent.

I specifically needed C code, so I did not test the C++, Java, and other
implementations.
--
Rahul

SCOTT19U.ZIP_GUY

Oct 17, 2002, 9:56:45 PM
pa...@JUNKCATCHER.ciphergoth.org (Paul Crowley) wrote in
<878z0wa...@saltationism.subnet.hedonism.cluefactory.org.uk>:

Actually his were not. I tried using one of his with GNU C; he
counted on features I guess found in Microsoft C, so no, his test
program using AES was not portable. The best portable one I got
to work was Matt Timmermans' and it was bound with a bijective
compressor.

Tom St Denis

Oct 17, 2002, 11:27:15 PM
c.c....@90.usenet.us.com (Rahul Dhesi) wrote in message news:<aon6nm$coh$1...@blue.rahul.net>...

> tomst...@yahoo.com (Tom St Denis) writes:
>
> >You're code, last I looked, is horrible and not an example of good
> >coding practices. You openly admit that portable code is not one of
> >your goals, etc..
>
> In all fairness, it should be noted that ALL the sample code published
> for the final round of AES was horrendously non-portable. I was trying
> to find a good encryption algorithm in late 2000, and I tried all the
> final-round AES candidates except RC6:

True but they have fairly decent proposal papers. In my libtomcrypt
I've implemented numerous ciphers from the publications alone (rc5,
rc6, twofish, safer+ come to mind...)

> and in NONE of these cases was I able to get the published C code to
> give consistent results on Microsoft NT 4.x, RedHat Linux 7.0, FreeBSD
> 4.x, and Solaris 2.7. I gave up and used 3DES from the OpenSSL library,
> which worked right the first time. Any cryptographer being criticized
> for nonportable code is being held to a much higher standard than NIST
> required during the AES selection process.

Yeah but you omit the fact that most lame-ass wannabes here don't
write decent papers either. It's one thing to have bad reference code
but to not even have a clear design proposal....

Tom

Tom St Denis

Oct 17, 2002, 11:29:24 PM
david_...@emailv.com (SCOTT19U.ZIP_GUY) wrote in message news:<92AA980FCH110W...@207.217.77.23>...

> Thank you for commenting. I don't read Tommy's crap since he is in
> my killfile. I would have liked to contribute to parts of the NIST thing
> but it was not a really open contest.

Really? What did you submit that was rejected? Maybe the group here
can look at your rejected contribution and weigh in on your argument.

And you call my posts crap. Who exactly is "tommy" anyways?

Tom

Scott Contini

Oct 17, 2002, 11:38:18 PM
david_...@emailv.com (SCOTT19U.ZIP_GUY) wrote in message:
> Ignore his rant. Crypto is like anything else. Look at the Glock:
> it was made by someone with little knowledge about guns and it's
> one of the best. Look at underwater rebreathers; those were done
> by those new to the field. Or look at noble gas compounds. Lack
> of knowledge does hurt in building good crypto in many cases.
> But in some cases a little new blood can only help.
>

This is an example of the bad effect that Hollywood has had on our society.
There are a few examples in history where somebody walked into an area
that they did not know and had a profound effect. Now all these Hollywood
movies are making everybody believe that they could be that special person,
if they just hold on to their idea and stick to what they believe. What
they ignore is that more than 99.999% of the time that somebody new wanders
into a field that they don't know and thinks they invented the new great thing,
they turn out to be completely off. The statistics are against you. That
doesn't mean you shouldn't try: it just means that maybe you should get
some expert advice in the field before you go around trying to start a new
company based upon something you have little expertise in.

Good luck!

Scott

SCOTT19U.ZIP_GUY

Oct 17, 2002, 11:51:28 PM

>david_...@emailv.com (SCOTT19U.ZIP_GUY) wrote in message:

I forgot to mention Huffman; he was just a student when he came up
with Huffman compression, at least that was what I read. And yes,
good luck.

Gary Eaker

Oct 18, 2002, 12:20:47 AM
> Cryptography is a field that has developed over centuries based upon
> learning from mistakes. If you have not spent the time to read about
> the history and learn about the mistakes that are commonly made, it is
> almost certain that you are going to repeat them.

Agree with this. I have studied classical crypto more than modern
systems. Since GE is kind of a hybrid of the old and the new that's
OK. It is not binary but base 10. This in itself will be too
unconventional for some here I'm sure. But that should make little
difference. Both systems still have characters broken into smaller
pieces which are then substituted for and scrambled positionally -- in
most systems.
With GE each plaintext character starts by being converted into a two
digit number rather than more pieces in a binary system. This has
obvious advantages and disadvantages.
If anyone here has taken the time to download the free version of GE
they can enter a key and then search on their computer for two files
"lpms" and "mtrcs." These are both used throughout
encryption/decryption. You'll see that the lpms is composed of 999,983
digits and that mtrcs has 20k digits. Both of these vary as the key
varies and are at the heart of Great Encryption. More on this later.

> Your challenge and your website demonstrate a general lack of
> understanding of security principles.

Unconventional maybe but I think you go too far here.

> Let me ask you this: what encryption methods have you broken?

None.

> Do you understand the concepts of differential cryptanalysis and
> linear cryptanalysis?

Nope, but that is not a requirement to design good encryption. While
fearing crucifixion I will mention again that the designers of the OTP
probably didn't either. It didn't apply to the OTP. GE is NOT an OTP
but... you get the idea.

> What makes you so confident that your encryption method resists these
> types of attacks?

When the algorithm is disclosed you can tell me. And that IS certainly
a very good reason to disclose algorithms. But I'm wagering that the
attacks will not apply. If wrong the first to see that can pick up
some cash for their trouble.

> Even if it did, the extreme slowness of your encryption method makes it
> of no interest.

From a practical standpoint of someone who simply wants to send std
encrypted emails GE is fast enough even before it is written in C to
speed up.

> It is much more difficult to design a fast, secure encryption method
> than it is a slow one.

Couldn't agree more but when developing GE security rather than speed
was always the concern.


> Post your code and maybe somebody qualified will look at it
> (Unfortunately, I am overly busy with other projects for the next two
> months, but somebody here with some free time may do it).

The algorithm is not short and written in VB. I can't simply post it
as a message can I? It is quite complex.

> (Yes, I know you claim that it is secure even if the method is
> published, but that is a lot easier to say when nobody has seen it yet
> to prove you wrong.

I do agree now that it needs to be published rather than wait for the
patent. Please give me details on how you think it best to accomplish
this.

> The regulars of sci.crypt have seen stuff like this over and over
> again, and it just gets old after a while. Most people just do not
> understand how things get broken. It is hard to take a challenge like
> this seriously when you're doing things entirely the wrong way, and you
> have no qualifications of being a cryptographer. That sounds rude, but
> it is the reality.

Reality is for people who can't handle drugs. ;-) Or delusion for that
matter. I don't mind your directness, Scott. I am inclined toward
speaking my mind myself. Thanks. More details to follow. My mattress
beckons me for now...

jsa...@ecn.ab.ca

Oct 18, 2002, 2:29:39 AM
Gary Eaker (Ga...@GreatEncryption.com) wrote:
: Who knows, maybe Bruce will be unable to resist the temptation of the
: bet?

Although I didn't see the original post in this thread, I don't think so.

The problem isn't that your cipher might necessarily be breakable with 60K
more sample ciphertext and a description of the algorithm. Even if it
weren't practical for anyone to actually break your sample ciphertext,
this might not mean that the algorithm is suitable to be recommended for
use.

However, study of the algorithm would be able to settle that question.

For example, an algorithm as good as DES with independent subkeys would
not be considered adequate for use. That can be broken in 2^65 operations.
To do so, however, requires a considerable amount of chosen plaintext,
because the key size is too large for the simple attack of brute-force
searching. So it wouldn't be possible to break DES with independent
subkeys by using a lot of computers on a sample ciphertext, even though
this could be done with regular DES.

Also, it's no particular trick to come up with a strong encryption
algorithm by making things bigger. I've designed a few of my own...

http://home.ecn.ab.ca/~jsavard/co0407.htm

naturally, though, high-speed yet secure algorithms are attractive.

John Savard

jsa...@ecn.ab.ca

Oct 18, 2002, 2:34:00 AM
Gary Eaker (Ga...@GreatEncryption.com) wrote:
: Since GE is kind of a hybrid of the old and the new that's

: OK. It is not binary but base 10. This in itself will be too
: unconventional for some here I'm sure.

There _are_ reasons for objecting to a system like that which have
considerable validity. It is quite reasonable to suspect that such a
system would be designed in a naive manner.

Using different number bases _can_ allow one to split a ciphertext up into
fractions of a bit, and this indeed can make the cryptanalyst's problem
more difficult. And there are things we can learn from the "old". Indeed,
my web site describes cryptosystems old and new partly in order to inspire
people. But if you're going to go to the old for inspiration, you need to
use the best of the old, and do so carefully - taking good ideas, and not
things that aren't actually beneficial.

John Savard

Richard Heathfield

Oct 18, 2002, 4:04:58 AM
"SCOTT19U.ZIP_GUY" wrote:
>
> pa...@JUNKCATCHER.ciphergoth.org (Paul Crowley) wrote in
> <878z0wa...@saltationism.subnet.hedonism.cluefactory.org.uk>:
>
<snip>

> >
> >Brian Gladman's implementations were portable, weren't they?
> >
> >I'm particularly surprised about Rijndael - I don't think I'd know how
> >to write a non-portable implementation if I wanted to.
>
> Actually his were not. I tried using one of his with GNU C; he
> counted on features I guess found in Microsoft C, so no, his test
> program using AES was not portable.

Have you considered re-writing SCOTT19U in portable C?

--
Richard Heathfield : bin...@eton.powernet.co.uk
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton


Yama

Oct 18, 2002, 5:07:11 AM
On 17 Oct 2002 21:20:47 -0700, Ga...@GreatEncryption.com (Gary Eaker)
wrote:
<snip>

>
>> Post your code and maybe somebody qualified will look at it
>> (Unfortunately, I am overly busy with other projects for the next two
>> months, but somebody here with some free time may do it).
>
>The algorithm is not short and written in VB. I can't simply post it
>as a message can I? It is quite complex.

Really? We live on complex. And we've got chunks of guys like you in
our stools.

Get a grip, Beaker... think for a minute... hmmmm... where could I
post this source code for GreatEncraption, the demo for which I'm
inviting someone... anyone... to download from the website???...
wait a second... it's coming to me... hey! Why not use the
website???!!!

Good idea. Then post a link, Leaker.

<snip>


>
>> The regulars of sci.crypt have seen stuff like this over and over
>> again, and it just gets old after a while. Most people just do not
>> understand how things get broken. It is hard to take a challenge like
>> this seriously when you're doing things entirely the wrong way, and you
>> have no qualifications of being a cryptographer. That sounds rude, but
>> it is the reality.
>
>Reality is for people who can't handle drugs. ;-) Or delusion for that
>matter. I don't mind your directness, Scott. I am inclined toward
>speaking my mind myself. Thanks. More details to follow. My mattress
>beckons me for now...

That always happens after the bong beckons, doesn't it Tweaker?

BTW you seem to have made zero typos in all your lame posts; however in
the course of your initial barfback about snake-oil you blatantly
mis-spelled the man from Counterpane's name. Twice and differently.

It's Bruce Schneier, Geaker.

Tom St Denis

Oct 18, 2002, 7:00:29 AM
Paul Crowley <pa...@JUNKCATCHER.ciphergoth.org> wrote in message news:<878z0wa...@saltationism.subnet.hedonism.cluefactory.org.uk>...

Things like

unsigned long x, y;
memcpy(&x, pt, 4);
memcpy(&y, pt+4, 4);

Or say the Blowfish reference code...

As far as I know Gladman's code is not platform neutral in most cases
but it's not hard to mod to make it so.

Tom
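The two memcpy lines Tom quotes above are the whole portability problem in miniature: the word you get back depends on the CPU's byte order and on sizeof(unsigned long), so a reference implementation written that way produces different test-vector output on different hosts, which is the "inconsistent results" Rahul described. The following is an added example of my own, not code from any poster in this thread or from libtomcrypt; the function names (load_native32, load_be32, load_le32, store_be32, roundtrip_be32, host_is_little_endian, native_matches_be) and the sample block SAMPLE_PT are constructed for illustration.

```c
/*
 * Added example: the non-portable "memcpy into a long" word loader beside
 * the portable shift-based form, plus a run-time check of host byte order.
 * All names here are my own; SAMPLE_PT is a constructed 8-byte block.
 */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed input, as a cipher's 'pt' pointer would see it. */
static const unsigned char SAMPLE_PT[8] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
};

/* Non-portable (the form quoted in the post): the value depends on host
 * byte order, and where unsigned long is 8 bytes the 4 copied bytes land
 * in whichever half the CPU's order dictates. x is zeroed only so that
 * the 8-byte case is defined rather than reading uninitialised memory. */
static unsigned long load_native32(const unsigned char *pt)
{
    unsigned long x = 0;
    memcpy(&x, pt, 4);
    return x;
}

/* Portable: byte order is fixed by the arithmetic, not by the CPU. */
static uint32_t load_be32(const unsigned char *pt)
{
    return ((uint32_t)pt[0] << 24) | ((uint32_t)pt[1] << 16) |
           ((uint32_t)pt[2] << 8)  |  (uint32_t)pt[3];
}

static uint32_t load_le32(const unsigned char *pt)
{
    return ((uint32_t)pt[3] << 24) | ((uint32_t)pt[2] << 16) |
           ((uint32_t)pt[1] << 8)  |  (uint32_t)pt[0];
}

static void store_be32(unsigned char *out, uint32_t v)
{
    out[0] = (unsigned char)(v >> 24);
    out[1] = (unsigned char)(v >> 16);
    out[2] = (unsigned char)(v >> 8);
    out[3] = (unsigned char)v;
}

/* Store then reload: a portable loader must give back exactly v. */
static uint32_t roundtrip_be32(uint32_t v)
{
    unsigned char buf[4];
    store_be32(buf, v);
    return load_be32(buf);
}

/* Run-time byte-order probe: look at the first byte of a known word. */
static int host_is_little_endian(void)
{
    uint32_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* 1 only when the memcpy loader happens to agree with the big-endian
 * loader on this host; that is exactly the condition a "works on my
 * machine" reference implementation silently relies on. */
static int native_matches_be(const unsigned char *pt)
{
    return (uint32_t)load_native32(pt) == load_be32(pt);
}

int main(void)
{
    printf("host is %s-endian, sizeof(unsigned long) = %u\n",
           host_is_little_endian() ? "little" : "big",
           (unsigned)sizeof(unsigned long));
    printf("memcpy load : %08lx\n", load_native32(SAMPLE_PT) & 0xffffffffUL);
    printf("be32 load   : %08lx\n", (unsigned long)load_be32(SAMPLE_PT));
    printf("le32 load   : %08lx\n", (unsigned long)load_le32(SAMPLE_PT));
    printf("memcpy loader matches be32 here: %d\n",
           native_matches_be(SAMPLE_PT));
    return 0;
}
```

On an x86 box the memcpy load prints 04030201 while the big-endian load prints 01020304; on a 64-bit big-endian host the memcpy load of a 32-bit word even lands in the upper half of the long. A cipher whose published test vectors were generated with the memcpy form therefore verifies only on hosts that share the author's byte order and long size, which is why the shift-based loaders are the form to review for in reference code.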

SCOTT19U.ZIP_GUY

Oct 18, 2002, 8:22:00 AM
bin...@eton.powernet.co.uk (Richard Heathfield) wrote in
<3DAFC0AA...@eton.powernet.co.uk>:

>"SCOTT19U.ZIP_GUY" wrote:
>>
>> pa...@JUNKCATCHER.ciphergoth.org (Paul Crowley) wrote in
>> <878z0wa...@saltationism.subnet.hedonism.cluefactory.org.uk>:
>>
><snip>
>> >
>> >Brian Gladman's implementations were portable, weren't they?
>> >
>> >I'm particularly surprised about Rijndael - I don't think I'd know how
>> >to write a non-portable implementation if I wanted to.
>>
>> Actually his were not. I tried using one of his with GNU C; he
>> counted on features I guess found in Microsoft C, so no, his test
>> program using AES was not portable.
>
>Have you considered re-writing SCOTT19U in portable C?
>

Actually scott16U is very portable. People have sent my
executable and such compiled with other compilers. True,
scott19u is not portable to most C. However work is slowly
going in that direction, since a lot of the compression
subroutines I am working on also need bit manipulation.
So there is light at the end of the tunnel; it's just a
long tunnel.

johnekus

Oct 18, 2002, 2:03:15 PM
Then there was Oliver Heaviside, the inventor of the best egg producing
chickens ever :--)

One...two...three

(Heaviside Layer, remember...)

Actually, he set the electrical engineering world directly on its collective
ass with his ideas about using operational methods to solve EE problems
involving linear, time invariant, homogeneous differential equations having
constant coefficients!

I think Bruce needs to put his money where his almighty mouth has been and
take up the challenge. If it is snake oil, a great guru should be able to
prove it by doing some cryptanalysis before church on Sunday.

JK

http://www.crak.com Password recovery and home of Gulpit(tm) Wireless
Packet Sniffer


"SCOTT19U.ZIP_GUY" <david_...@emailv.com> wrote in message
news:92AAD8B67H110W...@207.217.77.22...

Tom St Denis

Oct 18, 2002, 6:51:36 PM
"johnekus" <jMSN/ohn...@msn.com> wrote in message news:<OUDpB$sdCHA.436@cpimsnntpa03>...

> Then there was Oliver Heaviside, the inventor of the best egg producing
> chickens ever :--)
>
> One...two...three
>
> (Heaviside Layer, remember...)
>
> Actually, he set the electrical engineering world directly on its collective
> ass with his ideas about using operational methods to solve EE problems
> involving linear, time invariant, homogeneous differential equations having
> constant coefficients!
>
> I think Bruce needs to put his money where his almighty mouth has been and
> take up the challenge. If it is snake oil, a great guru should be able to
> prove it by doing some cryptanalysis before church on Sunday.

While I'm not speaking directly about GE or Schneier here I want to
point out that just because you can't outright break a cryptosystem
doesn't make it desirable.

From what I gather the design is closed and only the output is given?
[correct me if I am wrong]. From what I also hear, it's not
particularly fast, etc.

What I am getting at is that there are more issues to designing a
system than which cipher it uses. In fact GE demonstrates one of the
most common snake-oil [like] traits. It places the cipher as the sole
importance in the design. Quite frankly that's BS all on its own.
You can have a perfect cipher and still have a flawed, weak
cryptosystem.

Also there are practical issues. AES for instance was chosen to
fulfill multiple needs, *one* of which is security. Security is not
the only need. The cipher has to be flexible, fast on platforms it is
likely to be used on, etc.

Scottu ciphers for instance fall into this trap too. Just because we
can't break Scottu19 doesn't mean it's a good cipher. Heck, to an
extreme we can't break the OTP [ever] and obviously it's an undesirable
system.

Another point is "snake oil" is not synonymous with weak or
ineffective. It's mostly supposed to mean a design which lacks
scientific due process and merit. Typically a snake-oil design is a
fly-by-night product trying to make a quick buck.

So when GE steps up with this super-duper-closed-design cryptosystem
where it has million-bit keys and encrypts at 5000 bytes per second,
quite frankly that is a snake-oil product.

Tom

johnekus
Oct 18, 2002, 7:34:52 PM

I would disagree that a cipher or cryptosystem must always be fast.

There are certain situations where a nice snail like pace is just the
ticket.

Take file encryption, as in an Excel or a Word file. A fast cipher is not
needed because the time to run the crypto stuff is generally a small time
compared to the other shenanigans Microsoft does with these file formats.

Also, using a slow cipher increases resistance to brute force techniques.
Since the crypto time is small compared to the total time a file of this
type is opened and worked on, a few seconds to run the crypto is not
important. When the brute force attack is made, the long crypto time can
render the attack impractical.

I just don't like that academic snobbish PhD attitude that the only GOOD
crypto is crypto made by EXPERTS.

I don't know if GE is crap or not and I don't care. I would just like to
see a little more class exhibited by the illustrious B.S. If he has
analyzed the crypto and can show how it is weak, that is one thing. But, to
just lash out and complain that it sounds like bad crypto is a good example of
great snobography...In my humble opinion.

JK
http://www.crak.com

Orphaned OST mail files are recovered in a snap!


"Tom St Denis" <tomst...@yahoo.com> wrote in message
news:c8016437.02101...@posting.google.com...

SCOTT19U.ZIP_GUY
Oct 18, 2002, 7:49:51 PM

jMSN/ohn...@msn.com (johnekus) wrote in <e87uT4vdCHA.1204@cpimsnntpa03>:

>I would disagree that a cipher or cryptosystem must always be fast.
>
>There are certain situations where a nice snail like pace is just the
>ticket.
>
>Take file encryption, as in an Excel or a Word file. A fast cipher is
>not needed because the time to run the crypto stuff is generally a small
>time compared to the other shenanigans Microsoft does with these file
>formats.
>
>Also, using a slow cipher increases resistance to brute force
>techniques. Since the crypto time is small compared to the total time a
>file of this type is opened and worked on, a few seconds to run the
>crypto is not important. When the brute force attack is made, the long
>crypto time can render the attack impractical.
>
> I just don't like that academic snobbish PhD attitude that the only
>GOOD crypto is crypto made by EXPERTS.
>
>I don't know if GE is crap or not and I don't care. I would just like
>to see a little more class exhibited by the illustrious B.S. If he has
>analyzed the crypto and can show how it is weak, that is one thing. But,
>to just lash out and complain that it sounds like bad crypto is a good
>example of great snobography...In my humble opinion.
>

Yes they are snobs, I second that opinion, and worse than that
some of them will flat lie and expect no one to notice. Wagner even
had the balls to say his slide attack made mincemeat out of
scott16u or scott19u and was wrong. In fact when one expert
tried it out it failed. It turned out Wagner never even took
an honest look at it. They think they can bluff their way without
looking since they are under the false illusion that only they
and their close friends can have an understanding of real crypto.
The sad thing is it seems that many new people seem to reinvent
the same bad systems over and over again independently. It is these
systems that Mr BS and crew will point out as if it's the only
type of system an amateur will invent. But they can't be
honest enough to look at something like mine.

Secondly, when one puts a good crypto system together using
something like AES they can't even take a look at that.
I am referring to BICOM, which only Brian Gladman stated he
looked at. If Mr Wagner and Mr BS cared about crypto implementations
BICOM is one they should have taken an honest look at. But
then again it doesn't make money for them and that's what it
seems to be really about.

johnekus
Oct 18, 2002, 7:57:43 PM

Well that's good advice except that it has the odor of the expert about it.

Now I will grant you that there are times when one can reject claims more or
less out of hand based on one's expertise. Perpetual motion and its variants
can and should be given short shrift by any competent engineer. Likewise,
the old OTP can easily be pshawed away because it is obviously impractical
to the competent cryptographer.

Obviously a simple patent clerk (Einstein) could never come up with any
really earth shattering ideas, and neither could a penniless Serb (Tesla)
invent all of polyphase electrical distribution systems. Nor could a Harvard
drop-out (Bill Gates) lead a company to a leadership position in the
software world and become one of the richest men on earth. These things
require experts, that's all. They are not to be trifled with by mere
hackers.

http://www.crak.com

Orphaned OST files recovered by expert hackers :--))

Our motto: "You Hack'em, We Crack'em"

JK


<jsa...@ecn.ab.ca> wrote in message news:sXNr9.4762$i%.1236670@localhost...

David Wagner
Oct 18, 2002, 8:27:12 PM

johnekus wrote:
>I would disagree that a cipher or cryptosystem must always be fast.

You're missing the point. We already have ciphers that are both fast
and believed to be highly secure. Any new proposal must be better than
existing alternatives in some way to even be worth considering. If you
can't do better than existing schemes, why should we bother looking at
your scheme? It's up to you to make the case for your scheme.

Let me give a piece of unsolicited (and maybe unwanted) advice.
In general, you might want to study history and cryptography more before
engaging in cryptographic design. Otherwise, you're likely to just
repeat the same mistakes that others have made before.

> I just don't like that academic snobbish PhD attitude that the only GOOD
>crypto is crypto made by EXPERTS.

Too bad. I don't care what you like; I care what works.

(Please forgive my rudeness. I have nothing personal against you,
but it sounds like you could use a wake-up call, so I'm going to speak
bluntly in hopes that the message will get through.)

What makes you think you can invent a good cipher if you have no expertise
in the subject? Maybe you can, but it's not terribly likely. Imagine how
you would react if your doctor told you "You have appendicitis, a disease
that is life-threatening if not treated. We have a time-tested cure that
cures 99% of all patients with no noticeable side-effects, but I'm not
going to give you that: I'm going to give you a new experimental treatment
my cousin dreamed up last week. No, my cousin has no medical training.
No, I have no evidence that the new treatment will work, and it's never
been tested or analyzed in depth -- but I'm going to give it to you anyway
because my cousin thinks it is good stuff." You'd find another doctor,
I hope. Rational people leave medical care to the medical experts.
The medical experts have a much better track record than the quacks.

You really need to read Bruce Schneier's "Memo to an Amateur Cipher
Designer". Right now you're just making yourself look foolish.

David Wagner
Oct 18, 2002, 8:32:50 PM

johnekus wrote:
>Well that's good advice except that it has the odor of the expert about it.

Heaven forbid we should get advice from the experts!
Maybe you would prefer we get advice from those who don't know anything
about the subject? That would be more egalitarian, I grant you,
but it would be a false egalitarianism.

Crypto, like science, is already egalitarian enough -- those
who study the subject diligently can become expert in the area, no
matter their background, race, gender, etc. Of course, this studying
takes patience, effort, and humility, but it is unrealistic to expect
that one can become expert in the area without any effort whatsoever.

SCOTT19U.ZIP_GUY
Oct 18, 2002, 10:56:30 PM

d...@mozart.cs.berkeley.edu (David Wagner) wrote in
<aoq8t0$2h0a$1...@agate.berkeley.edu>:

>johnekus wrote:
>>I would disagree that a cipher or cryptosystem must always be fast.
>
>You're missing the point. We already have ciphers that are both fast
>and believed to be highly secure. Any new proposal must be better than
>existing alternatives in some way to even be worth considering. If you
>can't do better than existing schemes, why should we bother looking at
>your scheme? It's up to you to make the case for your scheme.
>

Since in reality proving real security is in many cases somewhat
hard to define unless something can be broken, it's not possible to
prove to someone that code is better than existing alternatives,
especially to one that is blind to those capable of thinking
outside the box. Again, as you yourself stated, "believed to be
highly secure" but quite possibly trivial to break; only time
will tell.


>Let me give a piece of unsolicited (and maybe unwanted) advice.
>In general, you might want to study history and cryptography more before
>engaging in cryptographic design. Otherwise, you're likely to just
>repeat the same mistakes that others have made before.
>
>> I just don't like that academic snobbish PhD attitude that the only GOOD
>>crypto is crypto made by EXPERTS.
>
>Too bad. I don't care what you like; I care what works.

Talk is cheap; since when did you care if something works?
The guy is right about the academic snobbish PhD attitude.

>
>(Please forgive my rudeness. I have nothing personal against you,
>but it sounds like you could use a wake-up call, so I'm going to speak
>bluntly in hopes that the message will get through.)
>

Why should he forgive your rudeness, when it's your way of
insulting people?

>What makes you think you can invent a good cipher if you have no expertise
>in the subject? Maybe you can, but it's not terribly likely. Imagine how
>you would react if your doctor told you "You have appendicitis, a disease
>that is life-threatening if not treated. We have a time-tested cure that
>cures 99% of all patients with no noticeable side-effects, but I'm not


Unfortunately crypto is not medicine so the comparison is
not what you call very informative nor related. So snip...

By the way Mr Wagner I don't trust you at all. Based on
past statements, I suspect the guy whose cipher you're bashing
has something that is very weak so you're stringing him along before
you show your hand. Care to attempt to be honest about scott19u
or do you wish to pretend you don't have time. You did state
your slide attack made mincemeat out of it until Horace looked
at it, or do you remember. No, I see it's more fun to taunt a newbie
and then in a few weeks expose him as wrong. So you can smugly
pronounce that newbies know nothing compared to self-appointed
experts like you. Well news flash, if you were half as good
as you think you are the NSA would have hired you and you would
not be parading around here.

Gary Eaker
Oct 19, 2002, 12:22:48 AM

> Why not use the
> website???!!!

I want to avoid that. I would rather post it in a different site where
other encryption algorithms are posted. I think I found one! I'll give
out the link when done.

And believe it or not I didn't spell Schneier Schneider on purpose. I
bet if you asked him he would say that has happened throughout his
life. Kind of like throughout my life I have had to tell people that
Eaker is pronounced "acre."

Lighten up!

Gary Eaker
Oct 19, 2002, 12:44:26 AM

> From what I gather the design is closed and only the output is given?
> [correct me if I am wrong]. From what I also here is that its not
> particularly fast...etc..

Now opening. See the post on how GE works. And that of course is the
broad strokes so the algorithm is following.

>
> What I am getting at is that there are more issues to designing a
> system then which cipher it uses. In fact GE demonstrates one of the
> most common snake-oil [like] traits. It places the cipher as the sole
> importance in the design. Quite frankly that's BS all on its own.
> You can have a perfect cipher and still have a flawed weak
> cryptosystem.

A cipher to be good must have a few qualities: It should be secure, it
should be easy to use, and it should be fast enough for the
application it is designed for. I do agree that you can have a perfect
cipher that is not good for other reasons. In a way the OTP falls into
that category. But with special care it too can be useful and is still
used today I've heard.


>
> Also there are practical issues. AES for instance was chosen to
> fulfill multiple needs *one* of which is security. Security is not
> the only need. The cipher has to be flexible, fast on platforms it is
> likely to be used on, etc...

Security is the first requirement. A single cipher must not be
required to do everything well on all systems and platforms in the
world. It would be nice but such a system probably doesn't exist.
There are trade offs in almost everything.


>
> Scottu ciphers for instance fall into this trap too. Just because we
> can't break Scottu19 doesn't mean its a good cipher. Heck, to an
> extreme we can't break the OTP [ever] and obviously its an undesirable
> system.
>
> Another point is "snakeoil" is not synonymous with weak or
> ineffective. Its mostly supposed to mean a design which lacks
> scientific due process and merit. Typically a snake oil design is a
> fly-by-night product trying to make a quick buck.

When the GE algorithm is examined you can tell me what you think of
it. When I think of a snakeoil salesman I think of someone who knows
what they are selling doesn't work but they don't care. They are
interested in money above all else even if it means lying to
customers. This is a charge thrown around at people like myself when I
know it is not true.
That is why I and others find such a label offensive. Can I ask you a
personal question Tom? Do you consider yourself a liberal,
conservative, or other?

David Wagner
Oct 19, 2002, 1:23:08 AM

SCOTT19U.ZIP_GUY wrote:
> Since in reality proving real security is in many cases somewhat
>hard to define unless something can be broken. It's not possible to
>prove to someone that code is better than existing alternatives.

Yes, that *is* a challenge. It's not an excuse for failing to study
history or the field, though, and it's not an excuse for cipher designers
to avoid doing any analysis on their cipher.

>Care to attempt to be honest about scott19u
>or do you wish to pretend you don't have time. You did state
>your slide attack made mince meat out of it until Horace looked
>at it or do you remember.

Yes, you were right and I was wrong. Horace found an error in my
reasoning. I apologize for any confusion I may have caused. I should
have been more cautious. Please accept my sincere apologies.

For the record, I'm not aware of any flaws in the GreatEncryption scheme.
I have never looked at it, and I don't know anything about how the
proposed cipher works.

David Wagner
Oct 19, 2002, 1:25:42 AM

Gary Eaker wrote:
>When I think of a snakeoil salesman I think of someone who knows
>what they are selling doesn't work but they don't care. They are
>interested in money above all else even if it means lying to
>customers. This is a charge thrown around at people like myself when I
>know it is not true.

I'm glad to hear it. I hope we can provide helpful comments.

(However, so far I stand by my comments: cipher design is tricky
stuff, and most designs by those who haven't studied the field fail
to be competitive with the state of the art.)

Yama
Oct 19, 2002, 2:20:49 AM

On 18 Oct 2002 21:22:48 -0700, Ga...@GreatEncryption.com (Gary Eaker)
wrote:

>> Why not use the


>> website???!!!
>
>I want to avoid that.

Sure. I mean, why start... you know... sensibility now?

And in as much as competent cryptographers seem to publish source and
details about their algorithms along with all the other facets
relating to the work on the same website, I now realize it would be
better for anyone involved if you don't do that.

> I would rather post it in a different site where
>other encryption algorithms are posted.

GreatIdea.

> I think I found one! I'll give
>out the link when done.

GreatExcitement!

>
>And believe it or not

Where in blazes is Ripley when you need him?

> I didn't spell Schneier Schneider on purpose. I
>bet if you asked him he would say that has happened throughout his
>life. Kind of like throughout my life I have had to tell people that
>Eaker is pronounced "acre."

GreatExcuses

>
>Lighten up!

GreatRetort

Axolotl2
Oct 19, 2002, 3:06:38 AM

j> Obviously a simple patent clerk (Einstein) ...
j> and neither could a penniless Serb (Tesla) ...

What is this bullshit? Both these people had gone through
grad school. Einstein had his PhD in the pipeline. Both had
good grades and were regarded as brilliant by their professors.
***BOTH OF THEM TOOK GRAD-LEVEL MATH COURSES, AND PASSED***
What does this have to do with crypto?

Mats Lofkvist
Oct 19, 2002, 3:25:21 AM

"johnekus" <jMSN/ohn...@msn.com> writes:
> [snip]

>
> I think Bruce needs to put his money where his almighty mouth has been and
> take up the challenge. If it is snake oil, a great guru should be able to
> prove it by doing some cryptanalysis before church on Sunday.
>

I think this misconception that a bad design can be cracked in hours
by a guru is the reason for much of the 'I have this great design,
but the experts refuse to acknowledge it' complaints here.

What is missed is that the established designs have withstood man-years
of analysis. This means that even if the guru failed finding a crack
in a new design after weeks of full time work, that still doesn't
prove the new design is even in the same league as the established
systems.

The trick is to persuade the experts to spend man-years on analyzing
your design. How to do that without first building up your reputation
(i.e. becoming one of the experts), I don't know.

_
Mats Lofkvist
m...@algonet.se

Simon Johnson
Oct 19, 2002, 5:16:53 AM

> Crypto, like science, is already egalitarian enough -- those
> who study the subject diligently can become expert in the area, no
> matter their background, race, gender, etc.

I think that depends upon which type of expert. An expert 'advisor' in
cryptography is certainly achievable by anyone with effort. A cipher
breaker/maker on the other hand is probably out of reach for a lot of
people even with tremendous effort. Cipher breaking requires a unique
mind-set. Of course, if you sampled people with this mind set from
different backgrounds, races and genders... we'd expect to see all of
them in equalish proportions in the field..

Simon.

Bruce Stephens
Oct 19, 2002, 6:17:09 AM

Ga...@GreatEncryption.com (Gary Eaker) writes:

[...]

> Security is the first requirement. A single cipher must not be
> required to do everything well on all systems and platforms in the
> world. It would be nice but such a system probably doesn't exist.
> There are trade offs in almost everything.

You still aren't addressing the point.

We already have lots of ciphers that nobody knows how to break. Many
of these ciphers are fast, small enough for embedded devices, have
relatively small keys (but easily large enough to defeat brute-force
attacks), and work on all kinds of data. These are ciphers which have
been published, and examined by the best cryptographers in the world.

In short, the world doesn't need a slow, limited, cipher, and such a
cipher won't get any more attractive just because the few people who
bother to try can't break it given a few hundred K of data.

What evidence there is suggests that we've already got several ciphers
which are better.

We've still got problems out there that need solutions: very few
people use encryption (or digital signatures) when sending private
email. That's an interesting problem (very probably one without a
solution, but possibly there's one), but it has nothing at all to do
with a lack of unbreakable symmetric or asymmetric ciphers.

[...]

Tom St Denis
Oct 19, 2002, 10:47:20 AM

Ga...@GreatEncryption.com (Gary Eaker) wrote in message news:<dcc0d664.02101...@posting.google.com>...

> > From what I gather the design is closed and only the output is given?
> > [correct me if I am wrong]. From what I also here is that its not
> > particularly fast...etc..
>
> Now opening. See the post on how GE works. And that of course is the
> broad strokes so the algorithm is following.

Yeah I replied to that as well. Look tim, write up a formal proposal
document then people will look at it seriously.

> > What I am getting at is that there are more issues to designing a
> > system then which cipher it uses. In fact GE demonstrates one of the
> > most common snake-oil [like] traits. It places the cipher as the sole
> > importance in the design. Quite frankly that's BS all on its own.
> > You can have a perfect cipher and still have a flawed weak
> > cryptosystem.
>
> A cipher to be good must have a few qualites: It should be secure, it
> should be easy to use, and it should be fast enough for the
> application it is designed for. I do agree that you can have a perfect
> cipher that is not good for other reasons. In a way the OTP falls into
> that category. But with special care it too can be useful and is still
> used today I've heard.

That's what separates "good" designs from snake oil. "Real"
cryptographers know the issues and try to solve them. Snake oil
vendors [hint: that's you] try to solve non-problems as a market hype.

Really secure ciphers already exist. For instance, 3DES has yet to be
broken in any meaningful sense [MITM attacks, etc..].

So if "being super secure" is all you're bringing to the table you
might as well go to bed without supper.

Real cryptographers try to design ciphers that improve upon state of
art. That is use less ram, be more suitable to more platforms, resist
more known attacks, etc..

Look at Twofish. It's a design that with some limited success tries to
target desktop software, embedded software and hardware [FPGA], three
very different platforms. While it's not entirely successful it shows
the designers were mindful of the state of the art.

Rijndael as well is very well suited for a variety of platforms. It can
operate with very little RAM, 2Gbps hardware already exists, etc.

> > Also there are practical issues. AES for instance was chosen to
> > fulfill multiple needs *one* of which is security. Security is not
> > the only need. The cipher has to be flexible, fast on platforms it is
> > likely to be used on, etc...
>
> Security is the first requirement. A single cipher must not be
> required to do everything well on all systems and platforms in the
> world. It would be nice but such a system probably doesn't exist.
> There are trade offs in almost everything.

See above.

> > Scottu ciphers for instance fall into this trap too. Just because we
> > can't break Scottu19 doesn't mean its a good cipher. Heck, to an
> > extreme we can't break the OTP [ever] and obviously its an undesirable
> > system.
> >
> > Another point is "snakeoil" is not synonymous with weak or
> > ineffective. Its mostly supposed to mean a design which lacks
> > scientific due process and merit. Typically a snake oil design is a
> > fly-by-night product trying to make a quick buck.
>
> When the GE algorithm is examined you can tell me what you think of
> it. When I think of a snakeoil salesman I think of someone who knows
> what they are selling doesn't work but they don't care. They are
> interested in money above all else even if it means lying to
> customers. This is a charge thrown around at people like myself when I
> know it is not true.

No, snake-oil vendors play on the ignorance of others. You think
super-tonics of the 1900s were sold to M.Ds on a regular basis? Hell
no, they targeted the ignorant mass of people.

Your site [which is horribly designed by the way] claims outright
that it has 109^5000 [or whatever] security. That its
super-unbreakable, etc.

That's the type of ploy like the Adverts on Yahoo that say "Hackers
are reading your hard disk, click here to find out more". Playing on
the fears and vices of people makes you look not only greedy and
immoral but stupid to those in the know.

> That is why I and others find such a label offensive. Can I ask you a
> personal question Tom? Do you consider yourself a liberal,
> conservative, or other?

If you find the label offensive change your marketing strategy.

As for political views I'd say I'm a Tom. I have my own views on
things and I don't think I fit in the coin-operated view that is modern
politics. I personally believe that 99.9% of all politicians like
business[persons] are out to stiff the mass and generally don't care
for social well being.

For example, [I live in Canada] we have the french half-ass Jean as
our prime minister. He regularly skips out of heated social debates,
misses formal engagements [like that funeral two years ago] and
generally makes an ass of himself all the time. The only good thing
he has done was slugging that protester in his first term.

Either way, my political views [or lack thereof] are not the issue
here. The issue is why you keep up with your crap piece of trash no
good worthless waste of time software.

Tom

SCOTT19U.ZIP_GUY
Oct 19, 2002, 11:04:29 AM

d...@mozart.cs.berkeley.edu (David Wagner) wrote in
<aoqq7s$2mrt$1...@agate.berkeley.edu>:

>SCOTT19U.ZIP_GUY wrote:
>> Since in reality proving real security is in many cases somewhat
>>hard to define unless something can be broken. It's not possible to
>>prove to someone that code is better than existing alternatives.
>
>Yes, that *is* a challenge. It's not an excuse for failing to study
>history or the field, though, and it's not an excuse for cipher designers
>to avoid doing any analysis on their cipher.

True, it's no excuse, but many learn the hard way. Sometimes
it's better to jump in and fail first so that one gets motivated
to actually start looking at what others think. People usually
improve the second or third time around. Paul Onions changed
my views of how crypto should be done, so I would say it took me
at least two or three times, and maybe you think I am not there yet.

>
>>Care to attempt to be honest about scott19u
>>or do you wish to pretend you don't have time. You did state
>>your slide attack made mince meat out of it until Horace looked
>>at it or do you remember.
>
>Yes, you were right and I was wrong. Horace found an error in my
>reasoning. I apologize for any confusion I may have caused. I should
>have been more cautious. Please accept my sincere apologies.
>

Mr Wagner, if it's really you writing and you mean it, I accept it.
The damage will never be undone though, since I am sure it may have
prevented some from looking at the code. I changed the SUBJECT
field so others that hate me can see it; they can trace back to
your reply if they wish. I will also try to tone down my comments
about you, but I am not skilled in the art of verbal warfare where
one tries to fight yet project an image of being above the fray.
Actually many think my friendly replies are not friendly so the
escalations start.

I wish I had met Horace; he used to write to me. He knows you and
Bruce I guess from various meetings. But his real name is secret and
he is the one who first put up my site at XOOM, now long dead.

>For the record, I'm not aware of any flaws in the GreatEncryption scheme.
>I have never looked at it, and I don't know anything about how the
>proposed cipher works.

I don't know either. And the fact is every day I am getting farther
behind in trying to write code I have promised for others. I want to
look at more but right now when I get the urge to code it's more for
compression code. When I find the end of the tunnel I seem to get
bored and start another tunnel. However I am promising myself to
write more code.

I do wish you or Bruce would think or comment a little more on
bijective compression before encryption. Given two compressors that
compress the same amount, would not a bijective compressor be more
secure than the nonbijective, since no test key will automatically
be tossed out, whereas for the nonbijective version many will?
I suppose we differ in our views on this but I really would like
to hear your total views on this. It's not like you have to read
my horrible code or anything.

One more desire. I know you don't have time to look at BICOM;
it's not my code but it is free and does use full block AES code.
Maybe you could get a graduate student to analyse it. Maybe that
was pushing my luck but I tried.
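The compressor-before-cipher argument in the post above, as an added example that is not BICOM, scott19u or any code from the thread. It uses a constructed toy XOR cipher with a 16-bit key so the brute force is exhaustive, zlib as the rejecting (non-bijective) first stage, and byte-wise delta coding as a stand-in for a bijective stage: delta coding compresses nothing, but its decoder accepts every byte string, which is the property at issue. The plaintext, the key and the function names are all constructed for the demonstration.

```python
"""Added example (not BICOM, not scott19u): a decoder that rejects inputs
works as a free key filter for a brute-force attacker; a total (bijective)
decoder does not.

Toy cipher: XOR with a repeating 2-byte key, so the whole 16-bit key space
is searched here. It stands in for any cipher; the point is the stage in
front of it, not the cipher itself.
"""
import functools
import zlib

# Constructed sample plaintext; the repetition makes zlib actually compress it.
PLAINTEXT = b"attack at dawn, attack at dawn, attack at dawn, attack at dawn"
TRUE_KEY = 0xBEEF  # constructed key for the demonstration


def toy_xor(key: int, data: bytes) -> bytes:
    """Toy cipher: XOR every byte with a repeating 2-byte key (its own inverse)."""
    ks = key.to_bytes(2, "big")
    return bytes(b ^ ks[i & 1] for i, b in enumerate(data))


def delta_encode(data: bytes) -> bytes:
    """Stand-in for a bijective first stage: byte-wise delta coding.

    It does not compress, but delta_decode is total: every byte string is a
    valid input, so no candidate key can ever be rejected by the decoder.
    """
    out, prev = bytearray(), 0
    for b in data:
        out.append((b - prev) & 0xFF)
        prev = b
    return bytes(out)


def delta_decode(data: bytes) -> bytes:
    out, prev = bytearray(), 0
    for d in data:
        prev = (prev + d) & 0xFF
        out.append(prev)
    return bytes(out)


def zlib_decode(data: bytes) -> bytes:
    """Non-bijective first stage: zlib rejects almost every byte string
    (bad header, bad Huffman data, Adler-32 mismatch) by raising zlib.error."""
    return zlib.decompress(data)


def keys_surviving_decoder(ciphertext: bytes, decode) -> list:
    """Brute force: keep only keys whose candidate decryption the decoder accepts."""
    survivors = []
    for key in range(1 << 16):
        try:
            decode(toy_xor(key, ciphertext))
        except zlib.error:
            continue
        survivors.append(key)
    return survivors


def looks_like_text(data: bytes) -> bool:
    """Attacker's fallback once the decoder stops filtering keys: a crude
    plaintext recogniser (printable ASCII only)."""
    return all(0x20 <= b < 0x7F for b in data)


@functools.lru_cache(maxsize=None)
def run_demo() -> dict:
    """Run both brute forces and report how many keys each filter leaves."""
    ct_zlib = toy_xor(TRUE_KEY, zlib.compress(PLAINTEXT))
    ct_delta = toy_xor(TRUE_KEY, delta_encode(PLAINTEXT))

    zlib_ok = keys_surviving_decoder(ct_zlib, zlib_decode)    # decoder does the work
    delta_ok = keys_surviving_decoder(ct_delta, delta_decode)  # nothing is rejected
    delta_text = [k for k in delta_ok
                  if looks_like_text(delta_decode(toy_xor(k, ct_delta)))]

    return {
        "zlib_decoder_survivors": len(zlib_ok),
        "delta_decoder_survivors": len(delta_ok),
        "delta_recogniser_survivors": len(delta_text),
        "true_key_in_all": (TRUE_KEY in zlib_ok and TRUE_KEY in delta_ok
                            and TRUE_KEY in delta_text),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

With zlib in front, the decompressor rejects every wrong key on the attacker's behalf, so the search needs no knowledge of the plaintext at all. With a total decoder nothing is rejected and the attacker has to bring a plaintext recogniser, which is slower and less certain than a hard format check. The caveat the argument in the post leaves out is that a recogniser usually still works, so a bijective first stage removes a free oracle; it does not add key strength, which has to come from the cipher's key length.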

Tom St Denis
Oct 19, 2002, 12:58:04 PM

"johnekus" <jMSN/ohn...@msn.com> wrote in message news:<e87uT4vdCHA.1204@cpimsnntpa03>...

> I would disagree that a cipher or cryptosystem must always be fast.

This is flawed logic. Sure, a cryptosystem may not have to be fast, but
a cipher should always be as fast as possible on as many platforms as
possible. You have to see the distinction between cryptosystem and
cipher.

A cipher is just a part of a cryptosystem. There is no reason why it
shouldn't be as fast as possible. The cryptosystem may not require a
fast cipher, *HOWEVER* if you are to propose a new cipher it should
have "as many taskings" in mind which means being fast.

> There are certain situations where a nice snail like pace is just the
> ticket.

I'd say being purposely slow is the sign of an amateur.

> Take file encryption, as in an Excel or a Word file. A fast cipher is not
> needed because the time to run the crypto stuff is generally a small time
> compared to the other shenanigans Microsoft does with these file formats.

Needed and avoided are two different things. If you put say a
Sleep(10) in your write routine just to make it slow you're being
stupid. If you just don't bother optimizing your code then you're lazy
but perhaps motivated otherwise.

> Also, using a slow cipher increases resistance to brute force techniques.

Generally that's not true. Unless your cipher is serial and sequential
in nature there are generally ways to optimize it. Just because you
can code or optimize code doesn't mean others can't.

> Since the crypto time is small compared to the total time a file of this
> type is opened and worked on, a few seconds to run the crypto is not
> important. When the brute force attack is made, the long crypto time can
> render the attack impractical.

Yeah, but by designing a cipher that is purposely slow you limit the #
of applications it can be used in. Imagine a home computer that cost
1500 and can only play MP3s and nothing else, can't run other
applications, OSes, etc...

> I just don't like that academic snobbish PhD attitude that the only GOOD
> crypto is crypto made by EXPERTS.

That's a bit far. I'd say anyone taking the time to study the field
can make a decent cipher. Those with patience and practice make
excellent ciphers. By correlation PhDs tend to design the best
ciphers since they're of the mindset to do so. It's not a direct
causation though. Not all PhDs design the best ciphers. Look at the
horrible TEA ciphers. They're incomplete, non-analyzed ciphers
designed by IIRC a master or PhD graduate.

> I don't know if GE is crap or not and I don't care. I would just like to
> see a little more class exhibited by the illustrious B.S. If he has
> analyzed the crypto and can show how it is weak, that is one thing. But, to
> just lash out and complain that it sounds like bad crypto is a good example of
> great snobography...In my humble opinion.

I doubt Bruce is the only one that thinks GE is a scam.

Think of it this way. When you are designing a new cipher you are
trying to solidify science. Bring something new to the table, etc.
Look at the published cipher designs over the last 5 years or so. Of
the most noted ones look at how they are written?

The RC5 paper for instance was written from the mindset that "hey
look, I can make a trivial to analyze cipher out of this new data
dependent rotation idea". Rivest wasn't writing "Look at this
million-bit uncrackable super-cipher I invented".

That is, if you are to propose a new cipher, write it from the mindset
of what new theory you are presenting. Just presenting some horrible
C or JScript code isn't really a proposal.

Either way I can't wait for GE dude to waste more money on his site and
such. I hope he fails and most importantly I hope he learns from his
mistakes.

Tom

John E. Hadstate

Oct 19, 2002, 2:49:56 PM10/19/02

"Tom St Denis" <tomst...@yahoo.com> wrote in message
news:c8016437.0210...@posting.google.com...

> "johnekus" <jMSN/ohn...@msn.com> wrote in message
news:<e87uT4vdCHA.1204@cpimsnntpa03>...
> > I would disagree that a cipher or cryptosystem must always be fast.
>
> This is flawed logic. Sure a cryptosystem may not have to be fast but
> cipher should always be as fast as possible on as many platforms as
> possible.

This is purely a matter of priorities. There are many legitimate
constraints that might keep a cipher (or any other algorithm) from being
implemented in such a way that it is "as fast as possible."
Maintainability is one that comes to mind. The need for readability, to
insure that the algorithm is actually implemented correctly is another.

[snip]

>
> > There are certain situations where a nice snail like pace is just the
> > ticket.

> > Also, using a slow cipher increases resistance to brute force
> > techniques.
>
> Generally thats not true. Unless your cipher is serial and sequential
> in nature there are generally ways to optimize it. Just because you
> can code or optimize code doesn't mean others can't.
>

I agree with Tom on this one. Your priorities may be to implement
readable, maintainable code, but your attackers have a different agenda.
Remember, they don't have to play by your rules, and generally, they
don't.

> > I just don't like that academic snobbish PhD attitude that the only
> > GOOD crypto is crypto made by EXPERTS.
>

If you think about it, that's a truism. Given the state of the art
today, if you design GOOD crypto, you are an expert, and most likely,
crypto is your profession.

Christopher Browne

Oct 19, 2002, 2:59:49 PM10/19/02
In the last exciting episode, Ck...@hotmail.com (Simon Johnson) wrote:

Nothing guarantees that any given individual has the /aptitude/ to
become expert in cryptography.

The point is that there is little aside from aptitude preventing
people from /attempting/ to become expert.

If they are not apt, obviously no amount of effort will help.

And actually, it's not /quite/ true that there are /no/ barriers.
There are many countries where it would be considerably /dangerous/ to
study cryptography outside of the local government intelligence
apparatus, as it could be regarded as tantamount to spying.

Babbage's Rule: "No man's cipher is worth looking at unless the
inventor has himself solved a very difficult cipher" (The
Codebreakers by Kahn, 2nd ed, pg 765)

If you haven't gone through the exercise of trying to crack a security
system, it is unlikely that you can have the mindset for properly
analyzing them.

I recently reviewed a book that was putatively about "computer
security;" I had to warn the publisher that in the virtual absence of
comments like "here's a vulnerability" or "here is how this mechanism
resists attack," much of the material was barely relevant to
"security."

If you haven't analyzed attacks and vulnerabilities, my sense is that
you haven't any right to call yourself any kind of "security expert,"
whether in cryptography or otherwise.

The OTHER OTHER problem here is that we have here a set of people that
/imagine/ that they may be great cryptographers, but who haven't any
common set of vocabulary to allow them to communicate what they know.

The /known/ vocabulary has grown up in quasi-academic circles, and the
would-be-GreatCryptographers basically reject anything academic
probably because they weren't up to the challenge of jumping through
the hoops required to get through four years of a degree.

Those would-be-GreatCryptographers doubtless include some cranks, who
are no Fulton, Columbus, Rivest, Shamir, or Schneier.

"They laughed at Columbus, they laughed at Fulton, they laughed at
the Wright brothers. But they also laughed at Bozo the Clown."
-- Carl Sagan

There /could/ be some cryptographic Srinivasa Ramanujan out there
waiting to be found. But it's worthy of note that he didn't get
recognized until G.H. Hardy, /very/ much the classic academic, was
able to recognize mathematical genius that others couldn't perceive.
And if they don't understand you, it's not necessarily because you're
too good; it could simply be that you're Bozo the Clown.

It may be worthwhile for the world to make special accommodation for
the likes of Ramanujan; for those of us that /aren't/ so lofty, it's
necessary for us to accommodate the field by learning the field's
terminology and the common theory and practice.

A Ramanujan-like genius may get away with expecting the world to beat
a path to their door. (Though there's a high risk that no one will
ever notice your genius; if Ramanujan had caught TB in India, no one
would likely ever have thought twice about him.)

For the rest, Schneier's "So, You Want to be a Cryptographer"
<http://www.tlsecurity.net/Textware/Crypto/cryptwant.txt> seems a
pretty fair statement. When he says that the easiest way is to 'Get a
Ph.D in cryptography,' that rings pretty true. The study of
mathematics that would be involved is "needful stuff."

To those that would protest that they can't cope with the academic
politics involved, I'd suggest that if this truly is a problem, this
suggests they are likely to have great difficulty communicating
usefully with others in the cryptographic community.
--
(reverse (concatenate 'string "ac.notelrac.teneerf@" "454aa"))
http://cbbrowne.com/info/nonrdbms.html
HELP! I'm being attacked by a tenured professor!

johnekus

Oct 19, 2002, 3:40:41 PM10/19/02
As usual, I will ignore the vituperation and ad hominem attack...This is
always an affliction to which "experts" are frequent victims.

I am glad you brought up the subject of doctors as experts... AHEM....here
we go, this is WAY too easy:

1) The expert doctors for years resisted the germ theory and would not even
wash their hands before surgery!

2) The expert doctors advised eating bland food and frequently drinking milk
as a treatment for stomach ulcers...exactly the wrong advice.

3) The expert doctors would cut out parts of the stomach to treat
ulcers...with little benefit to the patient.

4) The expert doctors resisted the easy to prove notion that stomach ulcers
can, in most cases, be CURED by simply treating with antibiotics and
Tagamet...even after scientific studies proved the link to bacterial cause.

5) The expert doctors have performed millions of unnecessary mastectomies
because they refused to examine data that proves that lumpectomies are at
least as effective.

6) The expert doctors subjected mental patients to the torture of insulin
shock therapy and electroshock.

7) The expert doctors have knuckled under to the DEA on the issue of medical
marijuana.

I could go on...

My God man, surely you could have chosen a better example of the rectitude
of EXPERTS than the medical profession!

Maybe you could have referred to the law profession as an example of
expertise in action. No, that would have been WAY too easy... :--)

JK

http://www.crak.com

WE recover OST files which have been tragically orphaned by the software
EXPERTS over there at Microsoft. Oh, did I mention that these EXPERTS
cannot actually do this recovery themselves???

I rest my case!


"David Wagner" <d...@mozart.cs.berkeley.edu> wrote in message
news:aoq8t0$2h0a$1...@agate.berkeley.edu...

Tom St Denis

Oct 19, 2002, 5:44:41 PM10/19/02
"John E. Hadstate" <jh11...@hotmail.com> wrote in message news:<8Lhs9.2472$uu1....@news.bellsouth.net>...

> "Tom St Denis" <tomst...@yahoo.com> wrote in message
> news:c8016437.0210...@posting.google.com...
> > "johnekus" <jMSN/ohn...@msn.com> wrote in message
> news:<e87uT4vdCHA.1204@cpimsnntpa03>...
> > > I would disagree that a cipher or cryptosystem must always be fast.
> >
> > This is flawed logic. Sure a cryptosystem may not have to be fast but
> > cipher should always be as fast as possible on as many platforms as
> > possible.
>
> This is purely a matter of priorities. There are many legitimate
> constraints that might keep a cipher (or any other algorithm) from being
> implemented in such a way that it is "as fast as possible."
> Maintainability is one that comes to mind. The need for readability, to
> insure that the algorithm is actually implemented correctly is another.

When I said cipher I meant as a "cipher designer". Surely on some
platforms optimizations to the hilt are troublesome [e.g. say a Z80 or
8051]. However, as a cipher designer you definitely want the cipher
to be efficient in x86, FPGA and hardware platforms.

Tom

David Wagner

Oct 19, 2002, 5:47:29 PM10/19/02
SCOTT19U.ZIP_GUY wrote:
> I do wish you or Bruce would think or comment a little more on
>bijective compression before encryption.

Well, in general, I suspect modern block ciphers are rarely, if ever,
the weak point in any real system, so I think our efforts may be better
spent on ways to strengthen the weak points of the system, not the strong
points.

Lohkee

Oct 19, 2002, 5:50:37 PM10/19/02

"Axolotl2" <anon...@cotsebay.cotse.net> wrote in message
news:4F19O7IT3754...@anonymous.poster...


Seems to me that extremely fast unbreakable crypto is not really the
problem -

Message, Key : EqualLengthStreams;

For x:= 1 to Length(Message) do Inc(Message[x], Key[x]);


Nor is generating cryptographically acceptable "random" keys, i.e., it must
be computationally impossible to predict what the Nth random bit will be
given 0th through N-1st bits. -

Key = some arbitrarily chosen input, i.e., go to the beach and record the
surf for a few hours, record traffic noises during the rush hour, or
whatever else makes you happy. For the extremely paranoid, blend the surf
with the rush hour to produce your key, strip out "dead space", ad nauseam.

Key distribution, on the other hand . . . . . . . .


The idea that you have to be able to break crypto in order to develop strong
crypto is nothing more than self-serving bullshit by largely
self-proclaimed experts. The idea that you have to be some kind of a math
wiz to develop strong crypto is more of the same. The idea that anything
"new" must be snake-oil if it does not fit in with some narrow-minded view
of the world promoted by these so-called experts is yet more self-stroking
crap (and more than a little ironic to say the least). Having said that, a
good system will stand on its own. Legally protecting a proprietary system
is both easy and inexpensive. There is really no reason not to publish the
full source/architectural description and let the experts take their best
shot. They will either crack it or they won't. Publishing encrypted text
with a challenge to crack it equates to nothing more than tilting the
contest in your favor by essentially blindfolding your attacker (which might
very well say something about your system if you need to do this). On the
other hand, the inability to crack some encrypted text or to thoroughly
document a viable attack **after** having time to study the source and
documentation might speak volumes about the expert! The bottom line is that
anyone can be an expert on the Internet and one test is worth a thousand
expert opinions!

Lohkee!
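
The pad sketched in the post above (Inc(Message[x], Key[x])), written out as an added example for this thread; it is not the poster's code. It implements the additive pad and its inverse, counts the key material that has to reach the other side, and carries the one check that makes "key distribution, on the other hand..." bite: a pad used for two messages cancels out of the ciphertext difference, so C1 - C2 equals P1 - P2 mod 256 and no longer depends on the key at all. The message strings are constructed sample data.

```python
"""One-time pad exactly as the post sketches it, plus the pad-reuse check.

Added example; not the poster's code. Encryption is byte-wise addition
mod 256 (the post's Inc(Message[x], Key[x])), decryption the matching
subtraction. The pad is as long as the message, which is the whole key
distribution problem, and a pad used twice stops being a one-time pad.
"""
import secrets


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """C[x] = (M[x] + K[x]) mod 256, the post's Inc(Message[x], Key[x])."""
    if len(pad) != len(message):
        raise ValueError("pad must be exactly as long as the message")
    return bytes((m + k) % 256 for m, k in zip(message, pad))


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """M[x] = (C[x] - K[x]) mod 256; the inverse of otp_encrypt."""
    if len(pad) != len(ciphertext):
        raise ValueError("pad must be exactly as long as the ciphertext")
    return bytes((c - k) % 256 for c, k in zip(ciphertext, pad))


def fresh_pad(length: int) -> bytes:
    """One new pad per message, from the OS CSPRNG (in place of the 'surf recording')."""
    return secrets.token_bytes(length)


def pad_bytes_to_distribute(message_lengths) -> int:
    """Key bytes that must reach the receiver over a secure channel:
    one pad byte per message byte, never reused."""
    return sum(message_lengths)


def pad_reuse_residue(c1: bytes, c2: bytes) -> bytes:
    """(C1[x] - C2[x]) mod 256. If both ciphertexts used the same pad the pad
    cancels and this equals (P1[x] - P2[x]) mod 256: key-independent
    information about the plaintexts, which a one-time pad must never leak."""
    n = min(len(c1), len(c2))
    return bytes((a - b) % 256 for a, b in zip(c1[:n], c2[:n]))


def pad_was_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Reviewer's check on a test deployment where the plaintexts are known:
    does the ciphertext difference equal the plaintext difference?
    True means the same pad encrypted both messages."""
    n = min(len(c1), len(c2))
    expected = bytes((a - b) % 256 for a, b in zip(p1[:n], p2[:n]))
    return pad_reuse_residue(c1, c2) == expected


if __name__ == "__main__":
    # constructed sample messages, deliberately the same length
    p1, p2 = b"meet at the usual place", b"send the second report."
    pad = fresh_pad(len(p1))
    assert otp_decrypt(otp_encrypt(p1, pad), pad) == p1
    c1 = otp_encrypt(p1, pad)
    c2_bad = otp_encrypt(p2, pad)             # the mistake: same pad twice
    c2_good = otp_encrypt(p2, fresh_pad(len(p2)))
    print("same pad twice, residue matches plaintext difference:",
          pad_was_reused(c1, c2_bad, p1, p2))
    print("fresh pad, residue matches plaintext difference:",
          pad_was_reused(c1, c2_good, p1, p2))
    print("pad bytes to distribute for three messages:",
          pad_bytes_to_distribute([len(p1), len(p2), 1000]))
```

The cipher really is a few lines, as the post says; everything that is hard sits in `fresh_pad` and `pad_bytes_to_distribute`, which is where the secure channel, the storage and the no-reuse discipline have to come from.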


Tom St Denis

Oct 19, 2002, 5:57:13 PM10/19/02
david_...@emailv.com (SCOTT19U.ZIP_GUY) wrote in message news:<92AC51F00H110W...@207.217.77.23>...

> Mr Wagner if it's really you writing and you mean it, I accept it.
> The damage will never be undone though since I am sure it may have
> prevented some from looking at the code. I changed the SUBJECT
> field so others that hate me can see it they can trace back to
> your reply if they wish. I will also try to tone down my comments
> about you but I am not skilled in the art of verbal warfare where
> one tries to fight yet project an image of being above the fray.
> Actually many think my friendly replies are not friendly so the
> escalations start.

What damage? Oh yeah...

Hmm

Original post by Wagner...

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&rnum=1&thl=0,1498565709,1498542095,1498144032,1498096808,1498065322,1498058498,1498092957,1498082666,1498069876,1498041175,1497971375&seekm=376151ED.3092%40utah.net#link7

Then in [one day later]

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&rnum=11&thl=1498041175,1497971375,1497971182,1497951834,1497904922,1497872957,1497842347,1497731014,1497667869,1497717556,1497643068,1497573880&seekm=7k1vtr%242r3k%241%40news.gate.net#link17

Wagner admitted that his attack probably won't work as he thought.

So um, David A. Scott, get off your high horse. Just because you
can't seem to recall a conversation in which you belittled your
"enemy" doesn't mean you should keep holding this insane grudge.

Tom

Bryan Olson

Oct 19, 2002, 7:40:32 PM10/19/02
Sorry if this appears more than once...

Gary Eaker wrote:
> But when August of 2007 rolls around without anyone winning the
> contest

August of 2007 will roll around without anyone taking the
slightest interest in "GreatEncryption". We'll have forgotten,
and you'll have moved on to other things.


> Sounds like a fun side bet doesn't it? How will Bruce be able to
> resist?

He'll do what the rest of the world does: ignore you. The one
note in Cryptogram multiplied the number of people who have heard
of "GreatEncryption", but I expect that's all you'll get.


--Bryan

SCOTT19U.ZIP_GUY

Oct 19, 2002, 8:03:45 PM10/19/02
d...@mozart.cs.berkeley.edu (David Wagner) wrote in
<aosjth$2pq$1...@agate.berkeley.edu>:

Well that's a nice safe non-answer. But I guess the field has enough
room that many can work on different paths.

Yama

Oct 20, 2002, 2:58:00 AM10/20/02
On Sat, 19 Oct 2002 21:50:37 GMT, "Lohkee" <loh...@worldnet.att.net>
wrote:

>
>"Axolotl2" <anon...@cotsebay.cotse.net> wrote in message
>news:4F19O7IT3754...@anonymous.poster...
>> j> Obviously a simple patent clerk (Einstein) ...
>> j> and neither could a penniless Serb (Tesla) ...
>>
>> What is this bullshit? Both these people had gone through
>> grad school. Einstein had his PhD in the pipeline. Both had
>> good grades and were regarded as brilliant by their professors.
>> ***BOTH OF THEM TOOK GRAD-LEVEL MATH COURSES, AND PASSED***
>> What does this have to do with crypto?
>
>
>Seems to me that extremely fast unbreakable crypto is not really the
>problem -
>
>Message, Key : EqualLengthStreams;
>
>For x:= 1 to Length(Message) do Inc(Message[x], Key[x]);
>
>
>Nor is generating cryptographically acceptable "random" keys, ie., it must
>be computationally impossible to predict what the Nth random bit will be
>given 0th through N-1st bits. -
>
>Key = some arbitrarily chosen input, i.e., go to the beach and record the
>surf for a few hours,

When you need a random number, get down to the beach...

>record traffic noises during the rush hour, or
>whatever else makes you happy. For the extremely paranoid, blend the surf
>with the rush hour to produce your key, strip out "dead space", ad nausium.
>

When you need a random number, get down to the highway during rush
hour...

>Key distribution, on the other hand . . . . . . . .

...is obviously beyond his comprehension.

>The idea that you have to be able to break crypto in order to develop strong
>crypto it is nothing more than self-serving bullshit

Maybe the idea is, but in actual practice it holds up like a Wonder
bra.

<snip>


>Legally protecting a proprietary system is both easy and inexpensive.

It better be, because you sho ain't gonna *make* any money

>There is really no reason not to publish the full source/architectural description and let the experts take their best
>shot.

True, if the presentation garners interest. But if it is flatly
assumed they will *take* interest, someone may be in for a surprise.

The only interest they may take, if taken at all, is to make sure
everyone knows it is the product of a buffoon.

<snip>


>The bottom line is that anyone can be an expert on the Internet and one test is worth a thousand
>expert opinions!

Until results matter. Then the bottom line will become painfully
clear to all who follow your advice.

Paul Crowley

Oct 20, 2002, 8:25:10 AM10/20/02
bryanjuggler...@yahoo.com (Bryan Olson) writes:
> Gary Eaker wrote:
> > But when August of 2007 rolls around without anyone winning the
> > contest
>
> August of 2007 will roll around without anyone taking the
> slightest interest in "GreatEncryption". We'll have forgotten,
> and you'll have moved on to other things.

Bryan is right. There'll be another snake-oil merchant who behaves
exactly the same way along in a month or so. So far I've heard
nothing to separate your product from, say, VME, or any of the other
nonsense sold by people ignorant of the very existence of a science of
cryptology.
--
__ Paul Crowley
\/ o\ s...@paul.ciphergoth.org
/\__/ http://www.ciphergoth.org/

jsa...@ecn.ab.ca

Oct 20, 2002, 12:12:15 PM10/20/02
Lohkee (loh...@worldnet.att.net) wrote:
: The idea that you have to be able to break crypto in order to develop strong
: crypto is nothing more than self-serving bullshit by largely
: self-proclaimed experts. The idea that you have to be some kind of a math
: wiz to develop strong crypto is more of the same. The idea that anything
: "new" must be snake-oil if it does not fit in with some narrow-minded view
: of the world promoted by these so-called experts is yet more self-stroking
: crap (and more than a little ironic to say the least).

This is not quite true.

For one thing, there *are* a lot of bad systems out there.

As you've noted, the one-time-pad, which is very simple, has problems of
practicality. So if people *don't* use that, but use a system that depends
on one relatively short key, then in theory it might be crackable.

Whether it will be crackable or not depends on the computational work
required to find the key, or equivalent information, given sufficient
known plaintext (or chosen plaintext, or just ciphertext generated from
redundant plaintext). And that does depend on how well the cipher is
designed.

And while one might be able to produce a well-designed cipher without
having *all* the qualifications commonly recommended for the task, if one
both lacks the qualifications *and* displays a lack of interest in the
results obtained, and the designs produced, by those who have them, others
_ought_ to look very skeptically at one's designs. That only makes sense.

: Publishing encrypted text
: with a challenge to crack it equates to nothing more than tilting the
: contest in your favor by essentially blindfolding your attacker (which might
: very well say something about your system if you need to do this). On the
: other hand, the inability to crack some encrypted text or to thoroughly
: document a viable attack **after** having time to study the source and
: documentation might speak volumes about the expert!

Here is a counter-example:

DES with independent subkeys.

This has been proven, by experts, to be too weak to use in practice; it
can be attacked - with chosen plaintext in large quantities - by an attack
involving about 2^65 operations. That's crackable.

But that doesn't mean it could be attacked in practice with relatively
modest volumes of known plaintext, since it _is_ immune to brute-force.

Also, even documenting a viable attack - which should indeed be possible
for any cipher that really is weak - takes time and effort. Sadly, there
are very few real experts around... and there are very many amateur cipher
designers. The real experts - and I don't claim to be one of them - do
have better things to do.

John Savard

Simon

Oct 20, 2002, 12:42:47 PM10/20/02
Hello!

This is something I can't resist making a few comments on...

johnekus wrote:
> Well that's good advice except that it has the odor of the expert about it.

That has the odour of inverted snobbery about it.

There may be snobs in cryptology, but there are snobs outside of
cryptology, too. And just as there are plenty outside of cryptology who
are not snobs, there are those in cryptology who are not snobs, either.
To make the mistake of equating expertise with snobbery is to
reinforce any real problems of snobbery that may exist.

> Now I will grant you that there are times when one can reject claims more or
> less out of hand based on one's expertise. Perpetual motion and its variants
> can and should be given short shrift by any competent engineer. Likewise,
> the old OTP can easily be pshawed away because it is obviously impractical
> to the competent cryptographer.

You make it sound like the norm should be to default on the side of the
nonexperts rather than the experts. But aren't experts just nonexperts
who've acquired and learned from lots of experience?

> Obviously a simple patent clerk (Einstein) could never come up with any
> really earth shattering ideas,

You forgot the bit about him having a PhD in physics by the time he
published his Special Relativity paper (even if he was working in a
patent office at the time). If, say, Bruce Schneier was to get a job in
a fish'n'chip shop, would his opinions on cryptography start to count
for more?

> and neither could a penniless Serb (Tesla)
> invent all of polyphase electrical distribution systems.

Penniless, but not brainless.

> Nor could a Harvard
> drop-out (Bill Gates) lead a company to a leadership position in the
> software world and become one of the richest men on earth.

Someone who got into Harvard, rather than someone who couldn't even make
it into a local college. And so, it seems, the fact that he dropped out
of Harvard weighs against your argument.

> These things
> require experts, that's all. They are not to be trifled with by mere
> hackers.

Anyway, your prominent examples of people who didn't fit the mold rather
work against your argument. They are prominent because they are
exceptional, not because they're representative of the norm. Being
exceptional, being different from the norm, the norm, it would seem, is
different from them. Does that not rather suggest (and rather strongly)
that nonexperts will normally not do as good a job as experts?

What really strikes me, though, is that the expert bashers generally
don't seem to really take the experts on at their own, various games
(cryptography, physics, etc). Instead of becoming experts themselves,
and then making changes on the 'inside', they stay on the outside,
leaving the experts with that very strong defence and powerful
ammunition against those nonexperts.

If there is a problem with academic snobbery in cryptography, surely a
better way to oppose it is to enter that realm of academia and be part
of the change that's needed ;-)

But I must emphasize, experts are nonexperts who've learned a lot
through a lot of experience (a full glass is an empty glass that's been
filled up). To put it another way, experts are nonexperts who've
demonstrated that nonexperts can, indeed, come up with very good ciphers.

Absurd it is, then, that expert bashers bash the nonexperts who have
most succeeded (and hence become recognised as experts).

What's got to be realised is that experts (generally) are not opposing
nonexperts' pursuits in cryptography. Instead, they're nonexperts who
have been successful and are sharing their experience with other
nonexperts who wish to succeed.

Not that I'm an expert...

Simon

> http://www.crak.com
>
> Orphaned OST files recovered by expert hackers :--))
>
> Our motto: "You Hack'em, We Crack'em"
>
> JK

Lohkee

Oct 20, 2002, 3:14:43 PM10/20/02

<jsa...@ecn.ab.ca> wrote in message news:zBAs9.4856$i%.1274495@localhost...

> Lohkee (loh...@worldnet.att.net) wrote:
> : The idea that you have to be able to break crypto in order to develop
> : strong crypto is nothing more than self-serving bullshit by largely
> : self-proclaimed experts. The idea that you have to be some kind of a
> : math wiz to develop strong crypto is more of the same. The idea that
> : anything "new" must be snake-oil if it does not fit in with some
> : narrow-minded view of the world promoted by these so-called experts is
> : yet more self-stroking crap (and more than a little ironic to say the least).
>
> This is not quite true.


While any of the above may well give someone a distinct advantage they are
not *absolute* prerequisites. The point I was really trying to make is that
the pursuit of knowledge is not well served by the sort of dialog that
routinely takes place in this news group. If someone is an *idiot* then
they can either be ignored or someone can, if they so desire, guide them
gently to a better place. Which brings me to the other side of the coin: If
someone thinks they have built a better mousetrap then they should be
willing to submit it for peer-review and let the chips fall where they may.

>
> For one thing, there *are* a lot of bad systems out there.
>

No argument there!


> As you've noted, the one-time-pad, which is very simple, has problems of
> practicality. So if people *don't* use that, but use a system that depends
> on one relatively short key, then in theory it might be crackable.

Agreed.

>
> Whether it will be crackable or not depends on the computational work
> required to find the key, or equivalent information, given sufficient
> known plaintext (or chosen plaintext, or just ciphertext generated from
> redundant plaintext). And that does depend on how well the cipher is
> designed.

Again, specific knowledge may help but I'm just not willing to take a
position that it is an absolute requirement (although the odds may very well
be stacked against those who do not have a higher understanding of math).

>
> And while one might be able to produce a well-designed cipher without
> having *all* the qualifications commonly recommended for the task, if one
> both lacks the qualifications *and* displays a lack of interest in the
> results obtained, and the designs produced, by those who have them, others
> _ought_ to look very skeptically at one's designs. That only makes sense.

Agreed, but skepticism is a far cry from sarcasm or rudeness which many in
this group routinely justify by pointing to their own "expertise."

>
> : Publishing encrypted text
> : with a challenge to crack it equates to nothing more than tilting the
> : contest in your favor by essentially blindfolding your attacker (which
> : might very well say something about your system if you need to do this).
> : On the other hand, the inability to crack some encrypted text or to thoroughly
> : document a viable attack **after** having time to study the source and
> : documentation might speak volumes about the expert!
>
> Here is a counter-example:
>
> DES with independent subkeys.
>
> This has been proven, by experts, to be too weak to use in practice; it
> can be attacked - with chosen plaintext in large quantities - by an attack
> involving about 2^65 operations. That's crackable.
>
> But that doesn't mean it could be attacked in practice with relatively
> modest volumes of known plaintext, since it _is_ immune to brute-force.
>
> Also, even documenting a viable attack - which should indeed be possible
> for any cipher that really is weak - takes time and effort. Sadly, there
> are very few real experts around... and there are very many amateur cipher
> designers. The real experts - and I don't claim to be one of them - do
> have better things to do.
>

If an expert does not want to take the time that is, of course, their
choice; however, if they do take the time to weigh in on a particular system
then they should be willing to go the distance. To jump in and offer no
more than rudeness accomplishes nothing other than to stroke their own egos.


Lohkee!

> John Savard


David Wagner

Oct 20, 2002, 3:21:35 PM10/20/02
Lohkee wrote:
>If an expert does not want to take the time that is, of course, their
>choice, however, if they do take the time to weigh-in on a particular system
>then they should be willing to go the distance.

That doesn't follow at all.

Christopher Browne

Oct 20, 2002, 6:20:29 PM10/20/02
In an attempt to throw the authorities off his trail, Simon <bars...@btinternet.com> transmitted:

>> Nor could a Harvard drop-out (Bill Gates) lead a company to a
>> leadership position in the software world and become one of the
>> richest men on earth.

> Someone who got into Harvard, rather than someone who couldn't even
> make it into a local college. And so, it seems, the fact that he
> dropped out of Harvard weighs against your argument.

In his case, there were also the "demerits" that:

a) Gates grew up in a prominent family where dad was an intellectual
property lawyer, and mother a "school teacher." Mind you, a
"school teacher" that was on the national board of the United Way,
and a University of Washington regent.

b) Consistent with dad, he studied pre-law, unlike the other techies
out there...

c) The great success of the deal with IBM combined two factors:

1. IBM was in the throes of its antitrust suit, and so was not
free to act as it usually would, and

2. Guess what national charity board the relevant IBM VP was on?
The same one as Mary Gates...

There are indications that Gates was /required/ to drop out of Harvard
due to misappropriation of computer resources...

<http://philip.greenspun.com/bg/>
--
(concatenate 'string "aa454" "@freenet.carleton.ca")
http://cbbrowne.com/info/oses.html
Language was designed by people for their own use, so presumably it
[parsing] shouldn't be too difficult for them to do with whatever
algorithm they have. -- Bill Martin (6.863 lecture, spring 1980)

Richard Heathfield

Oct 21, 2002, 5:30:42 AM
Christopher Browne wrote:
>
<snip>

>
> There are indications that Gates was /required/ to drop out of Harvard
> due to misappropriation of computer resources...

Is this a case of "start as you mean to go on"?

--
Richard Heathfield : bin...@eton.powernet.co.uk
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

Anton Stiglic

Oct 21, 2002, 9:15:30 AM
And what happens if 100 people decide to make a similar challenge,
should Bruce Schneier, or some other cryptanalyst, take them all up?
That's simply ridiculous!

P.S. 100 is not a far-fetched number; if you count all the people that
post to sci.crypt saying they discovered the greatest new cipher
and provide no documentation, you might very well count to 100.

--Anton


"johnekus" <jMSN/ohn...@msn.com> wrote in message
news:OUDpB$sdCHA.436@cpimsnntpa03...
> Then there was Oliver Heaviside, the inventor of the best egg producing
> chickens ever :--)
>
> One...two...three
>
> (Heaviside Layer, remember...)
>
> Actually, he set the electrical engineering world directly on its
> collective ass with his ideas about using operational methods to solve EE
> problems involving linear, time invariant, homogeneous differential
> equations having constant coefficients!


>
> I think Bruce needs to put his money where his almighty mouth has been and
> take up the challenge. If it is snake oil, a great guru should be able to
> prove it by doing some cryptanalysis before church on Sunday.
>

> JK
>
> http://www.crak.com Password recovery and home of Gulpit(tm) Wireless
> Packet Sniffer
>
>
> "SCOTT19U.ZIP_GUY" <david_...@emailv.com> wrote in message
> news:92AAD8B67H110W...@207.217.77.22...
> > con...@matmail.com (Scott Contini) wrote in
> > <6f35025c.02101...@posting.google.com>:


> >
> > >david_...@emailv.com (SCOTT19U.ZIP_GUY) wrote in message >

> > >> Ignore his rant. Crypto is like anything else. Look at the glock
> > >> it was made by someone with little knowledge about guns and its
> > >> one of the best. Look at underwater rebreathers those where done
> > >> by those new at the field. Or look at noble gas compounds. Lack
> > >> of knowledge does hurt in building good crypto in many cases.
> > >> But in some cases a little new blood can only help.
> > >>
> > >
> > >This is an example of the bad effect that Hollywood has had on our
> > >society. There are a few examples in history where somebody walked into
> > >an area that they did not know and had a profound effect. Now all these
> > >Hollywood movies are making everybody believe that they could be that
> > >special person, if they just hold on to their idea and stick to what
> > >they believe. What they ignore is that more than 99.999% of the time
> > >that somebody new wanders into a field that they don't know and thinks
> > >they invented the new great thing, they turn out to be completely off.
> > >The statistics are against you. That doesn't mean you shouldn't try: it
> > >just means that maybe you should get some expert advice in the field
> > >before you go around trying to start a new company based upon something
> > >you have little expertise in.
> > >
> > >Good luck!
> > >
> > >Scott
> > >
> >
> > I forgot to mention Huffman; he was just a student when he came up
> > with Huffman compression, at least that was what I read. And yes,
> > good luck.

Anton Stiglic

Oct 21, 2002, 9:33:02 AM

"johnekus" <jMSN/ohn...@msn.com> wrote in message
news:#GIYBa6dCHA.1200@cpimsnntpa03...

> As usual, I will ignore the vituperation and ad hominem attack...This is
> always an affliction to which "experts" are frequent victims.
>
> I am glad you brought up the subject of doctors as experts... AHEM....here
> we go, this is WAY too easy:
>
> [...]

Good list. Professional cryptographers have made many mistakes as well.
The thing is that professional cryptographers took the time to be aware of
past mistakes so that they don't repeat them again.
Would you get medical treatment from some guy who has no medical
training and has a strong belief that frequently drinking milk is a good
treatment for stomach ulcers?

And considering your list of medical errors, what would be your answer
to David's question: would you go with the cousin's dreamed-up cure?
If professionals make mistakes, what do you think is the error rate of
untrained people?

--Anton


Paul Crowley

Oct 21, 2002, 10:25:06 AM
"Anton Stiglic" <sti...@cs.mcgill.ca> writes:

> And what happens if 100 people decide to make a similar challenge,
> should Bruce Schneier, or some other cryptanalyst, take them all up?
> That's simply ridiculous!
>
> P.S. 100 is not a far fetched number, if you count all the people that
> post to sci.crypt saying they discovered the greatest new cipher,
> and provide no documentation, you might very well count to 100.

Anton is right. We see such things about once a month, and have done
ever since I started reading this group about eight years ago - that
makes about 100 by my reckoning.

If you think ignorance is an aid to designing cryptosystems, may I
recommend the following procedure.

1) Invent your cryptosystem without learning anything

2) Learn about the state of the art in modern cryptography and
cryptanalysis

3) Try and break your cipher

4) Present it in the way that new ciphers are usually presented
(which you will now understand), including a comparison to the state of
the art.

That way, you get the best of both worlds: the "beginner's mind" that
some think makes it possible to do something wonderful and new, and
the knowledge to properly assess what you've done in comparison to the
ciphers we already have.

If your cipher turns out to be good, you'll have maximised your
chances that it'll get published and people like Bruce will try and
break it.

Most likely, if you do it right, you'll be left with an appreciation
of the genius that goes into designing ciphers like AES and an
appreciation of why a deep understanding of the field is needed to do
it.

Richard Heathfield

Oct 21, 2002, 10:04:59 AM
Anton Stiglic wrote:
>
> And what happens if 100 people decide to make a similar challenge,
> should Bruce Schneier, or some other cryptanalyst, take them all up?
> That's simply ridiculous!
>
> P.S. 100 is not a far fetched number, if you count all the people that
> post to sci.crypt saying they discovered the greatest new cipher,
> and provide no documentation, you might very well count to 100.
>
<snip>

I have just discovered the greatest new cipher [1]. How about it, Bruce?

Oh, I appear to have lost the documentation. Never mind - Mr Scheier is
*supposed* to be an expert, so I see no need to give him unnecessary
hints such as sample ciphertext, or an algorithm description, or source
code.

No, I haven't done any cryptanalysis on this new cipher. After all, it's
uncrackable, so trying to crack it would just be a waste of my valuable
time.

Over to you, Mr Schneier - and don't be too long about it!

--
Richard Heathfield : bin...@eton.powernet.co.uk
[1] This looks like a good place for the smiley. :-)

Paul Crowley

Oct 21, 2002, 2:25:07 PM
Richard Heathfield <bin...@eton.powernet.co.uk> writes:
> Over to you, Mr Schneier - and don't be too long about it!

Close, but you appear to spell "Schneier" correctly here...

Yama

Oct 21, 2002, 8:41:13 PM
On Mon, 21 Oct 2002 18:25:07 GMT, Paul Crowley
<pa...@JUNKCATCHER.ciphergoth.org> wrote:

>Richard Heathfield <bin...@eton.powernet.co.uk> writes:
>> Over to you, Mr Schneier - and don't be too long about it!
>
>Close, but you appear to spell "Schneier" correctly here...

Ouch, babe.

Richard Heathfield

Oct 21, 2002, 9:16:09 PM

Don't worry - it was just a typo. :-)

--
Richard Heathfield : bin...@eton.powernet.co.uk
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.

An Metet

Oct 22, 2002, 11:30:15 AM
Quip:
"The main difference between an amateur crypto designer
and a used car salesman is that the used car salesman can
probably drive and knows when he's lying."


jsa...@ecn.ab.ca

Oct 22, 2002, 12:39:18 PM
Lohkee (loh...@worldnet.att.net) wrote:
: If an expert does not want to take the time that is, of course, their

: choice, however, if they do take the time to weigh-in on a particular system
: then they should be willing to go the distance. To jump in and offer no
: more than rudeness accomplishes nothing other than to stroke their own egos.

In many cases, however, people who are not experts, and have their own
cipher system, practise rudeness themselves - before anyone has replied to
them.

When they do that, they can quite reasonably expect they will not be
considered worth bothering with.

Sometimes the rudeness comes after polite replies pointing out that no, a
stream cipher really isn't a one-time-pad, or, no, there are already other
symmetric-key ciphers in the world that are believed to be secure.
Basically, though, anything that sounds like "I think all you
self-appointed experts are a bunch of idiots and fakers" - even if it
isn't necessarily meant quite that way - is going to get people's backs
up. I'm not sure what else one might reasonably expect.

Myself, on the one hand, I've tried to be patient and polite with a few
independent thinkers on this newsgroup. To a limited extent, I even share
some of their characteristics - I don't have full expert credentials, and
I have designed a few block ciphers of my own. They even have something
conventional designs lack - they're designed to be very hard to analyze
and understand, by combining multiple different structures, and they're
designed with very large safety factors. But they're still patterned after
the conventional designs of the experts.

I avoid any claim that people *need* to use ciphers like mine to be
secure. I can't claim that Rijndael, or IDEA, or any other popular cipher
design, is overrated; not only do I lack the relevant expertise, but that
simply isn't true in any case. I do think that even a hint of something
like the XSL attack should, where people are seriously concerned about
long-term security, lead to a strong reaction out of caution, though.

But I'm also aware that an overly elaborate design can trip itself up. For
example, there was an ingenious attack on a cipher involving an unkeyed
transposition between two DES layers - the transposition varied based on
the frequencies of the intermediate ciphertext, which the transposition
would not change. Basically, using chosen plaintexts consisting of
identical blocks would get information (when does the block encipher to
eight identical bytes) that can be used in a brute-force search on a
single DES layer, IIRC.

There are other examples. In my original QUADIBLOC design, I tried to
improve the cipher by putting a bit transpose in the middle. But an attack
(discovered by working with another cipher) called the "boomerang attack"
- David Wagner, who frequents this newsgroup, found it - shows that such
an operation is irrelevant, at least against differential cryptanalysis.

John Savard

Lohkee

Oct 22, 2002, 8:01:54 PM

<jsa...@ecn.ab.ca> wrote in message news:Waft9.4930$i%.1305698@localhost...

> Lohkee (loh...@worldnet.att.net) wrote:
> : If an expert does not want to take the time that is, of course, their
> : choice, however, if they do take the time to weigh-in on a particular
> : system then they should be willing to go the distance. To jump in and
> : offer no more than rudeness accomplishes nothing other than to stroke
> : their own egos.
>
> In many cases, however, people who are not experts, and have their own
> cipher system, practise rudeness themselves - before anyone has replied to
> them.

Again, I don't disagree, but that does not change my original point, i.e.,
that it would probably be more productive to simply ignore the post
altogether rather than getting into a pissing contest that ultimately
accomplishes nothing other than to perhaps show that "experts" can be as
childish as the children they try to teach - not exactly a recipe for
success (at least in my book). I am not suggesting that pissing contests,
per se, are necessarily bad. I've had a few of my own (OTP) and would repeat
them again in a heartbeat, as I did not receive any arguments that satisfied
my curiosity or that I could make any sense out of; only that if a person is
going to jump into the fray, then they should be willing to back their position
with a little more than "I'm an expert and I say it is so" (credibility and
all that). It seems to me that one of the hallmarks of someone truly
knowledgeable in a given subject is the ability to take highly
technical/esoteric ideas and explain them in terms that are easily grasped
by the layperson.

Andreas Gunnarsson

Oct 23, 2002, 8:20:15 AM
On Wed, 23 Oct 2002, Lohkee wrote:

> Again, I don't disagree, but that does not change my original point, i.e.,
> that it would probably be more productive to simply ignore the post
> altogether rather than getting into a pissing contest that ultimately

> accomplishes nothing[...]

If someone proposes a system that - according to experience - with 99%
certainty is crap, it is a good thing to say so. This is a service to the
non-experts that may otherwise use it and lose when it isn't as good as
advertised. That does not mean you have a responsibility to provide free
cryptanalysis to someone who is trying to get others to use snake-oil.

If someone said "hey, I don't really know anything about skydiving but I
have designed a new totally cool parachute" I would certainly warn people
against using it, but I would not feel that I had to examine the design in
detail, point out the faults and provide him with a better design.

If someone designs a product it's their responsibility to make the
necessary investments, either by learning the topic or hiring experts,
preferably both. Presenting something designed by amateurs and expecting
the experts to spend their free time analyzing it (something they normally
do for a living) isn't the right way.

Andreas

--
Andreas Gunnarsson - zzl...@dd.chalmers.se
http://puzzles.zzlevo.net/

Richard Heathfield

Oct 23, 2002, 9:02:02 AM
Andreas Gunnarsson wrote:
>
<snip>

>
> If someone designs a product it's their responsibility to make the
> necessary investments, either by learning the topic or hiring experts,
> preferably both. Presenting something designed by amateurs and expecting
> the experts to spend their free time analyzing it (something they normally
> do for a living) isn't the right way.

Absolutely right. Having said that, some experts *do* spend some of
their free time analysing brain-dead algorithms written by clueless
cryptowannabees such as myself, a fact for which we, the clueless, are
very grateful indeed.

But then there's a big difference between "I can't break my own
algorithm, could someone please show me where to start? This is how it
works, and here's a little source code" and "Hey! Lunkheads! I'm a
genius and you're all losers because you can't break that ciphertext I
posted yesterday".

The former approach invariably elicits at least one or two useful
responses (although I wouldn't be surprised if the regular genii here
get exasperated by my complete inability to hold two crypto ideas
together in my head at the same time). The latter just gets people's
backs up.

Paul Crowley

Oct 23, 2002, 1:25:07 PM
Andreas Gunnarsson <zzl...@dd.chalmers.se> writes:
> If someone said "hey, I don't really know anything about skydiving but I
> have designed a new totally cool parachute" I would certainly warn people
> against using it, but I would not feel that I had to examine the design in
> detail, point out the faults and provide him with a better design.

This is really well put. For some reason the skydiving analogy seems
to hit home more strongly than the traditional medical analogy -
perhaps because we all imagine we have a vague idea what a parachute
should do, but we also have a very strong sense that we want to be
very sure of our parachutes, so we choose those that we know will work
well.

In particular, this does the best job I've seen so far of explaining
why it's OK to say "don't use that parachute, the designer hasn't got
a clue about skydiving" even before you know of any flaws in that
particular parachute.

Christopher Browne

Oct 23, 2002, 1:41:20 PM
Oops! Paul Crowley <pa...@JUNKCATCHER.ciphergoth.org> was seen spray-painting on a wall:

Here's the previous-best explanation I remember seeing for this sort
of thing...

There are no "civil aviation for dummies" books out there and most of
you would probably be scared and spend a lot of your time looking up
if there was one. :-) -- Jordan Hubbard in c.u.b.f.m
--
(reverse (concatenate 'string "moc.enworbbc@" "enworbbc"))
http://cbbrowne.com/info/linux.html
"I'm not sure it is of as much general concern as, say, coke-machines."
-- Marvin Minsky (out of context), on the subject of death.

Lohkee

Oct 23, 2002, 8:05:21 PM

"Andreas Gunnarsson" <zzl...@dd.chalmers.se> wrote in message
news:Pine.GSO.4.44.021023...@uldor.dd.chalmers.se...

> On Wed, 23 Oct 2002, Lohkee wrote:
>
> > Again, I don't disagree, but that does not change my original point, i.e.,
> > that it would probably be more productive to simply ignore the post
> > altogether rather than getting into a pissing contest that ultimately
> > accomplishes nothing[...]
>
> If someone proposes a system that - according to experience - with 99%
> certainty is crap, it is a good thing to say so. This is a service to the
> non-experts that may otherwise use it and lose when it isn't as good as
> advertised. That does not mean you have a responsibility to provide free
> cryptanalysis to someone who is trying to get others to use snake-oil.

Saying something is crap without explaining why it is crap accomplishes
exactly what? Imagine how you would feel if a teacher condemned your
project as crap and justified it, not with an explanation as to why, but a
terse "because I am the teacher and you are the student," which is
essentially what you have proposed. I see no constructive value at all in
what you suggest, but then, no one ever accused me of being particularly
bright.


>
> If someone said "hey, I don't really know anything about skydiving but I
> have designed a new totally cool parachute" I would certainly warn people
> against using it, but I would not feel that I had to examine the design in
> detail, point out the faults and provide him with a better design.


Bad analogy. Does a parachute designer need to know about skydiving itself
to make a safe 'chute, or about aerodynamics and the like? It probably would
have been better to talk about an airplane designer who knew nothing about
aerodynamics :-) This underscores my point, i.e., it is very easy to end up
looking foolish when you jump without first looking to see where you might
eventually land.


> If someone designs a product it's their responsibility to make the
> necessary investments, either by learning the topic or hiring experts,
> preferably both. Presenting something designed by amateurs and expecting
> the experts to spend their free time analyzing it (something they normally
> do for a living) isn't the right way.


I agree completely in principle; however, if this person asks for help and
an expert decides to jump in and offer an opinion, they should then be
willing to back it up with a little bit more than "I am an expert and you
are an idiot."


Lohkee!

David Wagner

Oct 23, 2002, 8:40:59 PM
Lohkee wrote:
>Saying something is crap without explaining why it is crap accomplishes
>exactly what?

It protects innocent bystanders who might otherwise have used the
system from getting hurt. That's a worthy accomplishment.

>Imagine how you would feel if a teacher condemned your
>project as crap and justified it, not with an explanation as to why, but a
>terse "because I am the teacher and you are the student" which is

>essentially what you have proposed. [...]

Your analogy is poorly chosen; the situations are not analogous.
A teacher is paid to educate the students. In contrast, contributors to
sci.crypt are volunteering their time & energy -- it's not their duty
to educate amateurs who can't even be bothered to study the history of
the field.

SCOTT19U.ZIP_GUY

Oct 23, 2002, 8:42:19 PM
loh...@worldnet.att.net (Lohkee) wrote in
<5PGt9.20386$Mb3.7...@bgtnsc04-news.ops.worldnet.att.net>:

>>
>> If someone proposes a system that - according to experience - with 99%
>> certainty is crap, it is a good thing to say so. This is a service to
>> the non-experts that may otherwise use it and lose when it isn't as
>> good as advertised. That does not mean you have a responsibility to
>> provide free cryptanalysis to someone who is trying to get others to
>> use snake-oil.
>
>Saying something is crap without explaining why it is crap accomplishes
>exactly what? Imagine how you would feel if a teacher condemned your
>project as crap and justified it, not with an explanation as to why, but
>a terse "because I am the teacher and you are the student" which is
>essentially what you have proposed. I
>see no constructive value at all in what you suggest, but then, no one
>ever accused me of being particularly bright..
>
>

You're correct; a lot of great advances occur when one does
not follow the teacher who is locked into the status quo.

SCOTT19U.ZIP_GUY

Oct 23, 2002, 8:51:03 PM
d...@mozart.cs.berkeley.edu (David Wagner) wrote in
<ap7fir$1jbm$2...@agate.berkeley.edu>:

>Lohkee wrote:
>>Saying something is crap without explaining why it is crap accomplishes
>>exactly what?
>
>It protects innocent bystanders who might otherwise have used the
>system from getting hurt. That's a worthy accomplishment.
>

It also keeps some good systems from becoming more common,
making it hard for government to keep tabs on people.

>>Imagine how you would feel if a teacher condemned your
>>project as crap and justified it, not with an explanation as to why,
>>but a terse "because I am the teacher and you are the student" which is
>>essentially what you have proposed. [...]
>
>Your analogy is poorly chosen; the situations are not analogous.
>A teacher is paid to educate the students. In contrast, contributors to
>sci.crypt are volunteering their time & energy -- it's not their duty
>to educate amateurs who can't even be bothered to study the history of
>the field.
>

His analogy is good. Many teachers educate students beyond
the narrow time that some are paid. Also, it's highly likely
that in a group such as sci.crypt there are paid professionals
that do write to this group. The US spends billions to keep
people in the dark about good crypto. Don't you think they would
pay someone to put a few choice comments here and there to keep
people from using good crypto? Crypto is such a wide open field
one can't study it all. But certain big groups that may have
major breakthroughs would have a strong motivation to keep other
researchers going in the wrong direction.

Lohkee

Oct 23, 2002, 10:38:08 PM

"David Wagner" <d...@mozart.cs.berkeley.edu> wrote in message
news:ap7fir$1jbm$2...@agate.berkeley.edu...

> Lohkee wrote:
> >Saying something is crap without explaining why it is crap accomplishes
> >exactly what?
>
> It protects innocent bystanders who might otherwise have used the
> system from getting hurt. That's a worthy accomplishment.
>

It could also give innocent bystanders the impression that the "expert" is
nothing more than an arrogant asshole who talks a good show but can't back
it up when push comes to shove, in which case they might discount what is
(in fact) good advice and purchase the product because the flake who
"invented" it at least appears to be more credible.

> >Imagine how you would feel if a teacher condemned your
> >project as crap and justified it, not with an explanation as to why, but a
> >terse "because I am the teacher and you are the student" which is
> >essentially what you have proposed. [...]
>
> Your analogy is poorly chosen; the situations are not analogous.
> A teacher is paid to educate the students. In contrast, contributors to
> sci.crypt are volunteering their time & energy -- it's not their duty
> to educate amateurs who can't even be bothered to study the history of
> the field.

Should a teacher who makes twice as much as some other teacher offer their
students twice as much knowledge? Pay is irrelevant. If you hold yourself
out as a teacher, then you should be willing to teach.

Lohkee!


Lohkee

Oct 23, 2002, 10:42:37 PM

"SCOTT19U.ZIP_GUY" <david_...@emailv.com> wrote in message
news:92B0BB461H110W...@207.217.77.23...

> loh...@worldnet.att.net (Lohkee) wrote in
> <5PGt9.20386$Mb3.7...@bgtnsc04-news.ops.worldnet.att.net>:
>
> >>
> >> If someone proposes a system that - according to experience - with 99%
> >> certainty is crap, it is a good thing to say so. This is a service to
> >> the non-experts that may otherwise use it and lose when it isn't as
> >> good as advertised. That does not mean you have a responsibility to
> >> provide free cryptanalysis to someone who is trying to get others to
> >> use snake-oil.
> >
> >Saying something is crap without explaining why it is crap accomplishes
> >exactly what? Imagine how you would feel if a teacher condemned your
> >project as crap and justified it, not with an explanation as to why, but
> >a terse "because I am the teacher and you are the student" which is
> >essentially what you have proposed. I
> >see no constructive value at all in what you suggest, but then, no one
> >ever accused me of being particularly bright..

> >
>
> You're correct; a lot of great advances occur when one does
> not follow the teacher who is locked into the status quo.
>
> David A. Scott


Agreed (within the context of this conversation and not the cryptosystem
that started it)!


Lohkee!

Christopher Browne

Oct 23, 2002, 11:34:02 PM
After takin a swig o' grog, "Lohkee" <loh...@worldnet.att.net> belched out...:

> "David Wagner" <d...@mozart.cs.berkeley.edu> wrote in message
> news:ap7fir$1jbm$2...@agate.berkeley.edu...
>> Your analogy is poorly chosen; the situations are not analogous. A
>> teacher is paid to educate the students. In contrast, contributors
>> to sci.crypt are volunteering their time & energy -- it's not their
>> duty to educate amateurs who can't even be bothered to study the
>> history of the field.
>
> Should a teacher who makes twice as much some other teacher offer
> their students twice as much knowledge? Pay is irrelevant. If you
> hold yourself out as a teacher then you should be willing to teach.

But there's also the old proverb about "casting pearls before swine."

Why should a teacher volunteer their time to people that insult them
and show such disrespect for the area of study that they can't be
bothered to look back at history and pretty much ignore whatever they
are told?

Why should a teacher put up with would-be "students" that treat them
with contempt? It makes more sense to ignore such students in favor
of working with those that /are/ interested and attentive.
--
(reverse (concatenate 'string "ac.notelrac.teneerf@" "454aa"))
http://www3.sympatico.ca/cbbrowne/rdbms.html
This less-than-witty quote forces Emacs into -*-Quip-*- mode. I may
be wise, witty, and wonderful, but if I have a custom mode for this, I
obviously spend too much time manipulating fortune messages...

David Wagner

Oct 24, 2002, 1:45:14 AM
SCOTT19U.ZIP_GUY wrote:
> Many teachers educate students beyond
>the narrow time that some are paid.

That's all well and good -- I do the same.
But let's remember that, when they do so, they are
volunteers. It is not an obligation for teachers to
spend their personal time and energy doing unpaid teaching.
The job doesn't come with any such obligations.

We should thank teachers for their voluntary contributions
when they teach in this way, not chastise them for failing
to do their duty when they decide not to volunteer their own
time in this way.

>Also its highly likely
>that in a group such as sci.crypt that there are paid professionals
>that do write to this group.

Do you know of one person who is paid to post to sci.crypt?
I don't know of one. The paid professionals aren't paid to
post to sci.crypt; they're paid to do private work, and the time
they spend posting to sci.crypt is an unpaid, uncompensated pro
bono contribution to the world. As far as I know, just about
everyone here is volunteering their time and energy out of their
sense of public service or for fun -- and that's great!

Mok-Kong Shen

Oct 24, 2002, 3:32:04 AM

David Wagner wrote:
>
[snip]
> .... As far as I know, just about


> everyone here is volunteering their time and energy out of their
> sense of public service or for fun -- and that's great!

Very well said. That's how the internet (discussion
forums, mailing lists, web pages) has so rapidly
and strongly grown that it acquires a certain
significance that the authorities couldn't simply
ignore, in the sense that they couldn't ignore
newspapers and radio and television broadcasts.
I believe that the internet has also non-trivially
contributed to the relaxation of export regulations,
though direct and active actions countering such
nonsensical regulations are certainly indispensable.
(The selfless and untiring work, especially that
of Bernstein, which is continuing currently,
deserves to be well remembered by all who esteem
and desire the freedom of privacy.)

M. K. Shen

Paul Crowley

Oct 24, 2002, 4:25:06 AM
"Lohkee" <loh...@worldnet.att.net> writes:

> "David Wagner" <d...@mozart.cs.berkeley.edu> wrote in message
> news:ap7fir$1jbm$2...@agate.berkeley.edu...
> > Lohkee wrote:
> > >Saying something is crap without explaining why it is crap accomplishes
> > >exactly what?
> >
> > It protects innocent bystanders who might otherwise have used the
> > system from getting hurt. That's a worthy accomplishment.
> >
>
> It could also give innocent bystanders the impression that the "expert" is
> nothing more than an arrogant asshole who talks a good show but can't back
> it up when push comes to shove, in which case, they might discount what is
> (in fact) good advice and purchase the product because the flake who
> "invented" at least appears to be more credible.

It turns out that people are usually more clueful than that.

Yama

Oct 24, 2002, 5:29:37 AM
On Thu, 24 Oct 2002 02:38:08 GMT, "Lohkee" <loh...@worldnet.att.net>
wrote:

>
>"David Wagner" <d...@mozart.cs.berkeley.edu> wrote in message
>news:ap7fir$1jbm$2...@agate.berkeley.edu...
<snip>

>> Your analogy is poorly chosen; the situations are not analogous.
>> A teacher is paid to educate the students. In contrast, contributors to
>> sci.crypt are volunteering their time & energy -- it's not their duty
>> to educate amateurs who can't even be bothered to study the history of
>> the field.
>
>Should a teacher who makes twice as much some other teacher offer their
>students twice as much knowledge? Pay is irrelevant. If you hold yourself
>out as a teacher then you should be willing to teach.
>

I'm conducting an experiment on cluelessness.

Please... continue...

Andreas Gunnarsson

Oct 24, 2002, 5:35:18 AM
> "Andreas Gunnarsson" <zzl...@dd.chalmers.se> wrote in message
> news:Pine.GSO.4.44.021023...@uldor.dd.chalmers.se...
> > If someone proposes a system that - according to experience - with 99%
> > certainty is crap, it is a good thing to say so. [...]

On Thu, 24 Oct 2002, Lohkee wrote:
[...]


> I see no constructive value at all in what you suggest,

There are three parties here: designer, potential users and expert. An
expert that says "according to my experience, the probability is high that
this system is weak" does give the potential user access to the expert's
experience. This is of value for the potential user. An expert that points
out actual flaws also gives the designer access to the expert's knowledge,
which is of value for the designer. I don't see why an expert should be
required to choose between giving something to either, neither or both.

> > If someone said "hey, I don't really know anything about skydiving but I
> > have designed a new totally cool parachute" I would certainly warn people
> > against using it, but I would not feel that I had to examine the design in
> > detail, point out the faults and provide him with a better design.
>
> Bad analogy. Does a parachute designer need to know about skydiving itself
> to make a safe 'chute or about aerodynamics and the like?

An analogy can of course never be used as a proof, but in this case I
think it highlights all the relevant points. Yes, a parachute designer
definitely needs to know about both skydiving and aerodynamics. If this
isn't obvious, please send me a private e-mail and I'll explain it in more
detail since it's off topic for this newsgroup.

jsa...@ecn.ab.ca

Oct 24, 2002, 1:34:27 PM
David Wagner (d...@mozart.cs.berkeley.edu) wrote:

: Lohkee wrote:
: >Saying something is crap without explaining why it is crap accomplishes
: >exactly what?

: It protects innocent bystanders who might otherwise have used the
: system from getting hurt. That's a worthy accomplishment.

Only, of course, if those innocent bystanders have the sense to figure out
who is worthy of being trusted.

Of course, the Snake Oil FAQ, for example _does_ help with this; instead
of just being a list of names, it explains why certain sources of crypto
software should be looked at with a jaundiced eye. Elementary mistakes
about simple concepts like the one-time-pad, for example, in ad copy
indicate a lack of sophistication.

John Savard

jsa...@ecn.ab.ca

Oct 24, 2002, 1:39:21 PM
Lohkee (loh...@worldnet.att.net) wrote:
: "David Wagner" <d...@mozart.cs.berkeley.edu> wrote in message
: news:ap7fir$1jbm$2...@agate.berkeley.edu...
: > Lohkee wrote:

: > >Saying something is crap without explaining why it is crap accomplishes
: > >exactly what?

: > It protects innocent bystanders who might otherwise have used the
: > system from getting hurt. That's a worthy accomplishment.

: It could also give innocent bystanders the impression that the "expert" is
: nothing more than an arrogant asshole who talks a good show but can't back
: it up when push comes to shove, in which case, they might discount what is
: (in fact) good advice and purchase the product because the flake who
: "invented" it at least appears to be more credible.

It could only do that if the innocent bystander is in a state of sin,
confused by pride and arrogance into not humbly accepting the advice of
those who are recognized by the accredited hierarchy. The next thing you
know, such a bystander might commit the heresy of thinking the upstart
Martin Luther knows more about religion than the Pope! Thus, experts are
doing a valuable service here, by ensuring that the secrets of the
faithful are well protected, while also helping to ensure that rascals and
scoundrels shall fall into error in cryptography as they have already done
in matters of faith and morals.

So there! :)

John Savard

John E. Hadstate

Oct 24, 2002, 3:29:31 PM

<jsa...@ecn.ab.ca> wrote in message news:DaWt9.5057$i%.1338638@localhost...

Yes, a lack of technical sophistication of the ad copy writers. And perhaps
it's common in the crypto field for the cipher designer and the ad copy
writer to be one and the same. It's not necessarily so in other fields.
See, for example, the endless schmaltzy ads for pharmaceuticals (where the
term "Snake Oil Salesman" originated) on television and print media.


Lohkee

Oct 24, 2002, 7:51:37 PM

<jsa...@ecn.ab.ca> wrote in message news:dfWt9.5058$i%.1338747@localhost...

Thank you John. After a loooong week at work I really needed that. Lohkee!

