


Mark Eichin
03:48 PM ET (US)
This smells a bit like the "Power One-Time-Pad" mechanism a few years ago, which sucked down millions in funding before flaming out. A popular flaw in these kinds of systems is the belief that a PRNG is cryptographically strong (or rather, not recognizing that once you use one, you've reduced your strength to the strength of the PRNG)... Apple patented a "reusable one-time-pad" mechanism a decade ago, prompting the idea that one *should* have software patents so you can prevent people from using the really *bad* ideas :-)
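The point in the post above about a PRNG-generated "pad" being only as strong as the PRNG, as an added example that is not part of the original thread and not the scheme under discussion. The toy cipher, the 16-bit seed size, and all function names are assumptions made for illustration; the sample message is constructed.

```python
import random

SEED_BITS = 16  # assumed seed size for this toy scheme; the "pad" has only 2**16 possible values


def keystream(seed: int, n: int) -> bytes:
    """Expand a small seed into n 'pad' bytes using a non-cryptographic PRNG."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def encrypt(seed: int, plaintext: bytes) -> bytes:
    """XOR with the PRNG output; decryption is the same operation."""
    return xor(plaintext, keystream(seed, len(plaintext)))


def recover_seed(ciphertext: bytes, known_prefix: bytes):
    """Try every seed; return the first whose pad matches the known prefix, else None.

    A true one-time pad has as many possible pads as messages, so a search
    like this cannot narrow anything down. Here the search space is the seed space.
    """
    target = xor(ciphertext[:len(known_prefix)], known_prefix)
    for seed in range(2 ** SEED_BITS):
        if keystream(seed, len(target)) == target:
            return seed
    return None


def demo():
    secret_seed = 0xBEEF                                # constructed sample value
    message = b"Subject: quarterly numbers attached"    # constructed sample message
    ciphertext = encrypt(secret_seed, message)
    found = recover_seed(ciphertext, b"Subject: ")      # a guessable header is enough
    return found, encrypt(found, ciphertext)


if __name__ == "__main__":
    seed, plaintext = demo()
    print(f"recovered seed: {seed:#x}")
    print(f"recovered text: {plaintext!r}")
```

However long the generated pad is, the work needed to read the message is bounded by the seed space, which is why a design review should ask where the pad bytes come from before anything else.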
09:38 PM ET (US)
stevem, obviously though using symmetric ciphers you can do a Diffie-Hellman (or RSA, or whatever) exchange of the keys in public. If you've signed up for this nutcake's cipher, though, you've bought into the idea of that being an unacceptable risk. So you're either screwed, or you might as well be using existing strong crypto.

MrHappy, I hope you didn't use DES for anything that was supposed to last "decades..." or that someone doesn't work around your key strength with a rubber hose.
12:37 PM ET (US)
All symmetric ciphers require covert key distribution. You'd be daft to encrypt something with DES, AES, Blowfish, Twofish or any other symmetric cipher and then transmit the key over an insecure channel.
MrHappy
09:04 PM ET (US)
Actually the issue of ciphers being breakable at any time is a big deal - they're often used to protect sensitive data whose lifespan may exceed decades. This is exactly why a new algorithm must be so thoroughly tested, attacked and peer-reviewed. It's why proprietary systems should never be trusted.

I'd also personally trust an algorithm with a known theoretical attack more than any that requires covert key distribution.
Edited 03-04-2003 09:05 PM
01:31 PM ET (US)
Even assuming he's correct and his cipher works as well as he claims to solve the minor issue of existing ciphers eventually being breakable (big deal -- by then you can upgrade to the next cipher, such as we did dropping DES for 3DES, and now we're moving to AES), his scheme still requires secret key distribution, which is a much more difficult problem to deal with.
12:37 PM ET (US)
There are so many problems here that it borders on funny.

The terrorist thing is so obviously weak. Someday people will wake up and realize that the bad guys aren't going to "play by the rules". Fine, he's not going to ship the algorithm or whatever to a small number of export controlled countries. What's to stop someone with connections to the bad guys from getting the information and handing it over? Perhaps by using Perfection Encryption itself.. ;-)

This may be a cheap shot, but I also think his choice of hosting providers shows a certain lack of dedication and polish. He uses an AOL account, with a misspelled name for his business. Domains don't cost that much. Go get one and lend some credibility to your efforts. Taking a pass through the pages and editing them for grammar and consistency would be nice, too.

To part with a really cheap shot, I'd love to know where he's getting his Ph.D. from. Maybe I'll send away for one in the mail, too.
pbx
08:49 AM ET (US)
Astoundingly non-responsive.
andrew woods
12:54 AM ET (US)
The terrorist thing is clearly bullshit, considering there are plenty of peer-reviewed open source implementations of actual strong cryptography all over the place.

Somebody should sic Schneier on him.