ASLEC Cipher – Overview of the Security of the Database.

[austin obyrne]

To those readers who have expressed interest in my cipher
I want to assure them of the veracity of my algorithm and at
the same time update them on some plans I have for the future.

I have in recent months exposed my work to an unhealthy degree.
I have done this by creating a website and uploading absolutely
everything I can possibly say about my invention. This includes
verbatim copies of my program coding as well as screen
captures of encryptions / decryption samples. There isn't another
word I can say that has not already been said

I have good reason now to fear that I may have done myself a
disservice by being so generous in exposing all of my database.
I want to assure anybody who is interested that the cipher
design algorithm is absolutely sound and is here to stay but
I am planning to reconstitute the database completely.

This may take several months,

Austin O;Byrne

[Richard Heathfield]

On 17/12/2021 14:12, austin obyrne wrote:
> To those readers who have expressed interest in my cipher
> I want to assure them of the veracity of my algorithm

Your assurances are of no merit. You've assured us many times that ASLEC
is unbreakable, in the face of continual breaks.

> and at
> the same time update them on some plans I have for the future.

I'm tempted to bet that they won't include taking any of the measures
we've suggested to improve security:

* separate key
* >>smaller<< key
* serious diffusion
* removing dependence on ASCII plaintexts

> I have in recent months exposed my work to an unhealthy degree.

And yet even now you have not described your algorithm with sufficient
clarity to enable others to implement it; nor have you published a
reference implementation of your recent changes.

> I have done this by creating a website and uploading absolutely
> everything I can possibly say about my invention. This includes
> verbatim copies of my program coding as well as screen
> captures of encryptions / decryption samples. There isn't another
> word I can say that has not already been said

There are two things you can say that you haven't already said:

1) a description of your algorithm clear enough to enable others to
implement it;
2) a reference implementation.

> I have good reason now to fear that I may have done myself a
> disservice by being so generous in exposing all of my database.

No, you did yourself a favour by demonstrating to yourself how idiotic
you are to allow ASLEC's "security" relying on the keeping of such a big
secret.

> I want to assure anybody who is interested that the cipher
> design algorithm is absolutely sound

No, it's crap. You can't even explain it.

> and is here to stay

We know. No matter how many times we break it, you'll keep pretending
otherwise.

> but
> I am planning to reconstitute the database completely.

That's a mistake. Just remove the need for it.

> This may take several months,

That's one of the reasons it's a mistake.

You want a huge key? Fine! Why not read in a huge key at runtime? It's a
terrible idea, but not half as terrible as hardcoding a huge key into
the source code.

How do you manage to keep so many terrible design decisions all working
so badly together and still get it to compile? (Especially when you
don't know how arrays work.) It's truly quite astonishing.

--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

[austin obyrne]

Hi Richard,

There is no point in muck slinging as a way forward.
I do believe however you have a lot of experience that
I do not possess and I would like to suggest that if you
are agreeable I will submit my rehashed cipher to you
for your correction and make ongoing periodic mods
as you may suggest.

What's in it for RH you might well say !

Well. contaray to what you believe this Cipher has a
bullet proof construction. If you can help me to modify
the key data so that it works to your satisfaction then
its a fifty fifty partnership in all future public dissemination
with your name going down as co-writer. At the moment
the the area most needing your expertise is the data to be used.

Comment:

I could easily abandon my invention of vector factoring
as applied to cryptography and instead just settle for a
place in the mathematics of vector mechanics where it
is *certain to be welcomed but no, my urge is to develope
a vector cipher.

It is up to you whether you would want to communicate
as at present by means of ordinary posts - I would prefer that.

I see such posts as virtual tutorials to other readers.

I really do hope you will take me up on this.

Austin.

[Richard Harnden]

On 17/12/2021 17:46, austin obyrne wrote:

>
> It is up to you whether you would want to communicate
> as at present by means of ordinary posts - I would prefer that.
>
> I see such posts as virtual tutorials to other readers.

As a lesson in how not to do things, yes.

>
> I really do hope you will take me up on this.

Everybody else hopes you will listen to all the good advise you've been
given over the years. Nobody is going to be holding their breath.

[Richard Heathfield]

On 17/12/2021 17:46, austin obyrne wrote:

<snip>

> There is no point in muck slinging as a way forward.

Valid criticism is not "muck slinging".

> I do believe however you have a lot of experience that
> I do not possess and I would like to suggest that if you
> are agreeable I will submit my rehashed cipher to you
> for your correction and make ongoing periodic mods
> as you may suggest.

Fine; first step, get rid of that huge key and read a key in at runtime.

> What's in it for RH you might well say !

Nope. I've never asked that of Usenet and I'm not about to start now.

>
> Well. contaray to what you believe this Cipher has a
> bullet proof construction. If you can help me to modify
> the key data so that it works to your satisfaction then
> its a fifty fifty partnership in all future public dissemination
> with your name going down as co-writer.

I'm willing to help you, as I have been ready for many years, but I
don't want my name to be associated with ASLEC.

> At the moment the area most needing your expertise is the data to be used.

Your most pressing need is to separate your key from your code by
reading the key in at runtime. This way you can change the key without
changing the code and publish the code without publishing the key, two
huge advantages for you.

[Richard Heathfield]

I'm not holding my breath either, but hope springs eternal, so let's see
how he gets on with removing the key from the code.

[Colin]

On 18/12/21 08:31, Richard Heathfield wrote:
> On 17/12/2021 19:19, Richard Harnden wrote:
>> On 17/12/2021 17:46, austin obyrne wrote:
>>
>>>
>>> It is up to you whether you would want to communicate
>>> as at present by means of ordinary posts - I would prefer that.
>>>
>>> I see such posts as virtual tutorials to other readers.
>>
>> As a lesson in how not to do things, yes.
>>
>>>
>>> I really do hope you will take me up on this.
>>
>> Everybody else hopes you will listen to all the good advise you've
>> been given over the years.  Nobody is going to be holding their breath.
>
> I'm not holding my breath either, but hope springs eternal, so let's see
> how he gets on with removing the key from the code.
>

And don't forget the keys that were left in the source code comments.

[Nomen Nescio]

Why should i used your ASLEC snake oil cipher while i can use Triple DES or
AES ?




"austin obyrne" <ao40...@gmail.com> a écrit dans le message de news:
4b040d16-5b36-4cd6...@googlegroups.com...