On 17/12/2021 14:12, austin obyrne wrote:
> To those readers who have expressed interest in my cipher
> I want to assure them of the veracity of my algorithm
Your assurances are of no merit. You've assured us many times that ASLEC
is unbreakable, in the face of continual breaks.
> and at
> the same time update them on some plans I have for the future.
I'm tempted to bet that they won't include taking any of the measures
we've suggested to improve security:
* separate key
* >>smaller<< key
* serious diffusion
* removing dependence on ASCII plaintexts
> I have in recent months exposed my work to an unhealthy degree.
And yet even now you have not described your algorithm with sufficient
clarity to enable others to implement it; nor have you published a
reference implementation of your recent changes.
> I have done this by creating a website and uploading absolutely
> everything I can possibly say about my invention. This includes
> verbatim copies of my program coding as well as screen
> captures of encryptions / decryption samples. There isn't another
> word I can say that has not already been said
There are two things you can say that you haven't already said:
1) a description of your algorithm clear enough to enable others to
implement it;
2) a reference implementation.
> I have good reason now to fear that I may have done myself a
> disservice by being so generous in exposing all of my database.
No, you did yourself a favour by demonstrating to yourself how idiotic
you are to allow ASLEC's "security" relying on the keeping of such a big
secret.
> I want to assure anybody who is interested that the cipher
> design algorithm is absolutely sound
No, it's crap. You can't even explain it.
> and is here to stay
We know. No matter how many times we break it, you'll keep pretending
otherwise.
> but
> I am planning to reconstitute the database completely.
That's a mistake. Just remove the need for it.
> This may take several months,
That's one of the reasons it's a mistake.
You want a huge key? Fine! Why not read in a huge key at runtime? It's a
terrible idea, but not half as terrible as hardcoding a huge key into
the source code.
How do you manage to keep so many terrible design decisions all working
so badly together and still get it to compile? (Especially when you
don't know how arrays work.) It's truly quite astonishing.
--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within