Michael Paul Johnson (mpj@csn.net)
Mon, 29 Jun 1998 15:38:07 -0600
At 03:14 PM 6/29/98 -0400, Matt Blaze wrote:
>
>Perry is completely right here.
>
>Designing ciphers is hard.  There's no general theory of cipher
>design.  Even very smart, knowledgeable, experienced people come up
>with bad ciphers.  In the crypto community, people aren't even all
>that embarrassed when their algorithms get broken.  That's how hard
>it is.
Actually, designing ciphers is easy. Any fool can do that (and many fools do).

Designing good symmetric ciphers isn't really easy, but with some study, it
can be done by many people.

Designing good public key cryptosystems is something few have done well,
and it is difficult to come up with something truly novel and secure, as
well as practical, here.

Discerning the difference between a good and bad cipher is extremely
difficult, especially for the inventor.

Proving that a cipher is good is usually impossible. Unfortunately, it is
often also very difficult to prove that a bad one is bad, but at least this
is usually not impossible.
>It is just plain lunacy to use new designs to protect real data,
>especially when viable, long-studied alternatives exist.  ...
Ahh, but that doesn't stop people from trying... irrational though that may
be. Embedding a new cryptosystem in a test application doesn't bother me,
as long as the status of the cryptosystem is clearly documented. Besides,
it is fun to code new cryptosystems. For critical applications, though, I
agree.
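As an added illustration of the point made in the message above (proving a cipher good is usually impossible, but showing a bad one to be bad usually is not), here is a small Python example. It is not part of the original thread and was not written by either participant. The "homemade" repeating-key XOR cipher, its key, and the sample text are all constructed for this example; the check applied to it is the classic index-of-coincidence test, which measures how often two bytes drawn from the same position class coincide.

```python
import random
from collections import Counter

# Constructed sample plaintext (not from the thread), repeated so the
# statistics are stable; ordinary English with spaces and punctuation.
SAMPLE_PLAINTEXT = (
    b"designing ciphers is easy. any fool can do that and many fools do. "
    b"designing good symmetric ciphers is not really easy. "
    b"discerning the difference between a good and bad cipher is extremely difficult. "
) * 4

# Hypothetical 'homemade' cipher: XOR the data with a short key that repeats.
TOY_KEY = b"Zk7#pQ2"   # 7 distinct bytes; constructed value for the example


def toy_xor_cipher(data: bytes, key: bytes) -> bytes:
    """Encrypt/decrypt by XORing each byte with the key byte at (position mod len(key))."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def index_of_coincidence(column: bytes) -> float:
    """Probability that two randomly chosen bytes of `column` are equal.

    About 1/256 for uniformly random bytes; far higher for English text XORed
    with a single constant, because XOR with one constant preserves repeats."""
    n = len(column)
    if n < 2:
        return 0.0
    counts = Counter(column)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def mean_ic_for_period(ciphertext: bytes, period: int) -> float:
    """Split the ciphertext into `period` interleaved columns and average their IC."""
    columns = [ciphertext[i::period] for i in range(period)]
    return sum(index_of_coincidence(c) for c in columns) / period


def likely_period(ciphertext: bytes, max_period: int = 20, threshold: float = 0.04):
    """Smallest period whose columns show text-like IC, or None if none does.

    Any result other than None is evidence that the cipher leaks plaintext
    structure; None only means this particular test found nothing."""
    for period in range(1, max_period + 1):
        if mean_ic_for_period(ciphertext, period) > threshold:
            return period
    return None


# Comparison case: a key as long as the message, drawn from a seeded PRNG so the
# run is reproducible (a real one-time pad would use a true random source).
_rng = random.Random(2024)
ONE_TIME_KEY = bytes(_rng.getrandbits(8) for _ in range(len(SAMPLE_PLAINTEXT)))


def toy_ciphertext() -> bytes:
    """Sample text under the repeating-key toy cipher."""
    return toy_xor_cipher(SAMPLE_PLAINTEXT, TOY_KEY)


def one_time_ciphertext() -> bytes:
    """Sample text under a full-length, non-repeating key."""
    return toy_xor_cipher(SAMPLE_PLAINTEXT, ONE_TIME_KEY)


if __name__ == "__main__":
    # The toy cipher betrays its key length; the full-length key shows no period.
    print("toy cipher: likely period =", likely_period(toy_ciphertext()))
    print("one-time key: likely period =", likely_period(one_time_ciphertext()))
```

The first call recovers the key length (7) from the ciphertext alone, which is enough to condemn the toy design. The second call returns None, but that is exactly the asymmetry the message describes: a failed distinguisher shows only that one test found nothing, not that the cipher is good.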
        
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:12 ADT