[WEB SECURITY] a new 'Secret Key' Cryptographic Algorithm ~ any analysis/suggestions/weaknes

dtillemans at gmail.com dtillemans at gmail.com
Thu Apr 28 06:32:31 EDT 2011


I agree completely with Claudio. You have to have a math-degree to design a  
new algorithm.
Here is a open book to start with the basic theory behind cryptography

http://www.cacr.math.uwaterloo.ca/hac/

As you will see in the content, this is pure mathematics. I advise to use  
minimal RC4, but better AES. I know it is block cipher, but you can also  
stream with block ciphers.

Cheers,
DDT


Op schreef Claudio Telmon <claudio at telmon.org>:
> I downloaded the code and simply tried to encode a block of zeroes... as

> you can see if you look at the result with an hex editor, a clear

> pattern appears in the cyphertext. See what happens instead if you try eg:

> openssl enc -e -rc4 -in plain -out cypher

> This is just to show that the fact that you're feeding the plaintext as

> key, with minimal initialization, is weak and implies that both the key

> and the cyphertext are almost as biased as the plaintext. BTW, I tried

> to change the key from ABK to ACK, and a single bit changed as a

> consequence in the cyphertext pattern. This is just to show that the

> design is wrong, without going into math. Don't suppose that those

> desining more complex algorythms do so because they don'y know better.

> Not to be rude, but don't just try to change a couple of steps in your

> code and resubmit: there's a lot of books and papers on cryptography,

> this one has been recently recommended by a cryptographer on another

> mailing list:

> http://www.amazon.com/Cryptography-Practice-Discrete-Mathematics-Applications/dp/1584885084



> Regards,



> - Claudio



> --



> Claudio Telmon

> claudio at telmon.org

> http://www.telmon.org





> _______________________________________________

> The Web Security Mailing List



> WebSecurity RSS Feed

> http://www.webappsec.org/rss/websecurity.rss



> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA



> WASC on Twitter

> http://twitter.com/wascupdates



> websecurity at lists.webappsec.org

> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110428/f18e324c/attachment.html>


More information about the websecurity mailing list