Re: Low level operations

I hope that you're not using this for any sort of secure operation (i.e. if a client can send back the correct key, they are trusted). The reason is that you are not relying on anything that only the client would know, only the algorithm (which, incidentally you just posted on the internet). This is intrisically weak. If you are looking for something more robust, check out zero knowledge proofs.

thor

Comment on Re: Low level operations

Replies are listed 'Best First'.
Re: Re: Low level operations by Anonymous Monk on Oct 09, 2002 at 10:44 UTC
"only the algorithm (which, incidentally you just posted on the internet)." This is actually a good thing. All crypto algorithms should be open.It builds trust and people are able to see how the algorithm works so they can sort the good algorithms from the bad ones. The security issue is how the algorithm is implemented in software.	[reply]
Re: Re: Re: Low level operations by Anonymous Monk on Oct 09, 2002 at 10:51 UTC
An algorithm which consists of moving a few bits around and then an xor is not a good crypto algorithm.	[reply]
Re: Re: Re: Re: Low level operations by Anonymous Monk on Oct 09, 2002 at 11:30 UTC
Exactly. Thank you for proving my point! Therefor noone should use it. What if the algorithm was hidden in a application?	[reply]
Re: Low level operations by sch (Pilgrim) on Oct 09, 2002 at 10:54 UTC
Which of course, proves the previous A. Monks point - if this algorithmn hadn't been shown and discussed, someone might think that it was.	[reply]
Re: Re: Re: Low level operations by thor (Priest) on Oct 09, 2002 at 12:58 UTC
And I agree whole heartedly that making crypto algorithms public increases their ability to be trusted through peer review. However, if the original poster were relying on the algotithm alone for security, then he shot himself in the foot (again). Also, to call this a crypto algorighm is like calling ROT-13 an crypto algorithm. To paraphrase Kelly Bundy from 'Married with Children': "You may as well have locked it with a piece of chewing gum". thor	[reply]
Re: Re: Low level operations by narse (Pilgrim) on Oct 09, 2002 at 16:01 UTC
I believe the original purpose was to make sure people arn't doing what I am doing and use unofficial clients. I would not do this if i could avoid it :). I'm just following the protocol.	[reply]