in reply to Ideas for encryption algorithm developement?

Note: I do not claim to be an expert at encryption. I've read a good chunk of Applied Cryptography and Schneier's mailing list, and I've hung around the Freenet Project, which has some funky uses of crypto all its own. I have a grasp of how to use crypto in an application, and have an idea of how the algorithms work internally.

Basically, I've read up enough about making your own crypto algorithm to learn this fact: don't. Modern crypto experts need a strong math background (one of the few places in CS where something well beyond high school mathematics is absolutely essential). The NSA is thought to be the largest employer of math majors in the world, and even their stuff gets routinely broken when the algorithm is exposed to the outside world.

Fortunately, there is still hope for those of us who think of a "matrix" as a movie. Something that Schneier and others have been stressing lately is that making a secure algorithm is actually the easy part. It's the details of use that matter. As an example, WEP encryption in 802.11b uses RC4, a stream cipher thought up by the same guy who put the 'R' in 'RSA' and has had the best minds in cryptography thrown at it and it still held up pretty well (not perfectly, mind you, but better than most stream ciphers). WEP wasn't broken because it used a bad cipher--it was broken because it used it wrong.

Fortunately, you don't need to be a math major to know how to implement a cryptographic solution well. You'll need to know about the various ciphers in use and their flaws (both theoretical and practical). All the math-major stuff is already done for you in most languages (such as ciphers, RNGs, hashes, compression, etc.). You just need to put the pieces together.

If you're set on writing your own cipher, might I suggest trying your hand at a pen-and-paper cipher, such as Solitaire. That particular cipher has some problems (bias in its RNG), but I'd like to see more clever ideas for secure ciphers that don't need a computer to be used.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated
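An added example, not part of the post above, illustrating its WEP point: a textbook RC4 implementation driven the WEP way (per-packet key = IV || shared key), showing that when the IV repeats the keystream repeats and the XOR of two ciphertexts equals the XOR of the plaintexts, plus a simple defender-side check that flags repeated IVs in a capture. The key, IVs and messages are constructed sample values.

```python
# Added example (not from the original post). Educational RC4: the cipher is fine,
# the WEP framing around it is what fails once an IV is reused.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key-scheduling + output generation)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # PRGA
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style use: per-packet RC4 key is IV || shared key; ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))

def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If both ciphertexts used the same (iv, key), this equals p1 XOR p2: the cipher is bypassed."""
    return xor_bytes(c1, c2)

def find_iv_reuse(packets):
    """Defender check over a capture of (iv, ciphertext) pairs: return IVs seen more than once."""
    seen = set()
    reused = []
    for iv, _ct in packets:
        if iv in seen and iv not in reused:
            reused.append(iv)
        seen.add(iv)
    return reused

if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"             # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                      # constructed 24-bit IV, reused below
    p1, p2 = b"meet at the old mill", b"bring the spare keys"
    c1, c2 = wep_style_encrypt(iv, key, p1), wep_style_encrypt(iv, key, p2)
    print(keystream_reuse_leak(c1, c2) == xor_bytes(p1, p2))   # True: plaintext XOR leaked
    print(find_iv_reuse([(iv, c1), (b"\x00\x00\x02", c1), (iv, c2)]))
```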
