[WEB SECURITY] a new 'Secret Key' Cryptographic Algorithm ~ any analysis/suggestions/weakness will be helpful ~ Variation of One-Time Pad

Tasos Laskos tasos.laskos at gmail.com
Mon Apr 25 17:09:25 EDT 2011


I don't see how the key is generated randomly, if anything the 
scheduling seems quite bad.
Maybe I'm missing something or I'm just too tired, can you justify the 
randomness of the key for us?

There's also a saying that goes around crypto circles: Don't design your 
own crypto.
And it's a valid and proven point since crypto is really *really* hard 
to get right.

In your case though I think that /dev/urandom (or /dev/random if you 
feel paranoid) could provide better entropy to be used as an OTP key.

Tasos L.

On 04/25/2011 08:18 PM, Abhishek [ABK] Kumar wrote:
> Hi All,
> I'm working on a *new 'Secret Key' Cryptographic Algorithm *to be 
> incorporated in my open-source project 'n00bRAT' and a new concept 
> that I'm gonna initiate in some time.
> Currently, its *at initial stage* with a *single feature of 
> encrypting/decrypting files*.
> any *analysis/suggestions/weakness *will be helpful
> aQikCipher ~ https://github.com/abhishekkr/aqikcipher 
> <https://github.com/abhishekkr/aqikcipher>
> It's a very low-resource consuming and easily implemented *variation 
> of One-Time Pad* (Vernam Cipher) Encryption methodology : 
> http://en.wikipedia.org/wiki/One-time_pad :: which is the strongest 
> considered Secret Key Encryption.
> In this variation, *entire one-time pad can be generated in a pure 
> random way just using Key and Data... no (pseudo) random number 
> generators, salt and IVs required*.
> -- 
> Regards,
> Abhishek Kumar
> https://sites.google.com/site/abhikumar163/
> -- 
> --------------ABK-----mail.signature--------------------
> <http://www.blogger.com/profile/06276198262605731980><http://abhishekkr.deviantart.com/><http://www.facebook.com/aBionic><http://www.twitter.com/aBionic><http://sourceforge.net/users/abhishekkr><http://www.youtube.com/user/1ABK><http://in.linkedin.com/in/abionic> 
> -----------------------------------------------------------
> ~=ABK=~
> _______________________________________________
> The Web Security Mailing List
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> http://twitter.com/wascupdates
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

More information about the websecurity mailing list