On 1/7/15 4:24 PM, listo factor wrote:
On 01/06/2015 09:12 PM, Kevin wrote:
I figured I'd start building my own open source encryption algorithm:
https://github.com/kjsisco/qode
I find the reaction from the list somewhat surprising.
Some years ago, I had a neighbour that was building a moon-landing
spacecraft in his backyard. Obviously, he never landed on the moon,
but he learned a whole lot of useful things: for instance, holding
a hammer close to the head instead of at the end of the handle will
not substantially reduce the likelihood of hitting the thumb.
He did try to sell maiden-voyage seat reservations. I have no idea
if he collected any money, but if he did, I would not blame him,
I would blame those that coughed up their coin.
Grumbling is common. Variety is the spice of life, and it's also useful
against issues of monoculture to protect against subsequent discoveries
of backdoors or implementation vulnerabilities, published or not. This
does not endorse the use of homegrown algorithms over any of the various
well established and more vetted algorithms that researchers (and
crackers) have analyzed, especially for anything of value. Such apps
generally require the use of established crypto anyway, and sadly are
often enough insecure because of misuse or flawed key management.
It's hard to know if homegrown crypto is much of a learning experience,
though, because it's so hard to tell if it's actually secure. As I said
before, most crypto looks secure because the ciphertext generally looks
like gibberish, whether secure or not. There's no easy way to test an
algorithm compared to that neighbor's spacecraft. But if you are not a
high value target, your crypto may provide adequate security as there's
unlikely a cabal who will invest the resources to attempt to crack it.
Life is short and freedom to explore is your right!
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
