Viewing Single Post From: OblivionX
jdege
I haven't examined your algorithm, yet. I will do so, when I get time. But a couple of thoughts.

Your algorithm uses SHA1 hashes - which means it's a system that can only be performed by computer. That means it's competing with the computer-only crypto systems, DES, AES, IDEA, etc. As opposed to competing with the historical pen-and-paper ciphers, like Vigenere, Playfair, Bifid, et al.

A computer cipher is expected to stand up to a computerized attack. And there's a very simple test that will determine that a computerized attack is possible - the randomness of the output.

If the cryptosystem leaks any statistical information about the plaintext, it can be successfully attacked by computer. That is, if the ciphertext doesn't pass all the standard tests for statistical randomness, it's pretty much a given that there are successful computer-based attacks against it.

Case in point - Bruce Schneier's "Solitaire". http://www.schneier.com/solitaire.html

That someone discovered that the output was shown to be different from random was taken as proof that the cipher had a weakness, even if no one knew what it was.

So if you're looking to evaluate your new cipher, I'd suggest you take a look at the statistical properties of the ciphertext. Does the ciphertext look random? If not, there's most certainly a weakness in there, somewhere.

BTW - the reverse is not true. Just because a cipher that produces non-random output can be assumed to be insecure, you cannot assume a cipher that produces random output is secure. There are plenty of ciphers that produce completely random output that can be quite easily broken. But the check for randomness is an easy way of filtering out candidates for consideration.
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
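The randomness check suggested in the post above, sketched as an added example (not part of the original post and not the OblivionX algorithm): a byte-frequency chi-square test and a monobit test, run over two constructed toy ciphers. The cipher functions, the sample plaintext, the keys and the acceptance thresholds are all assumptions made for illustration; the second cipher also shows the post's caveat that random-looking output does not imply security.

```python
import hashlib
import math

def chi_square_bytes(data: bytes) -> float:
    """Pearson chi-square of byte counts against a uniform distribution (255 d.o.f.)."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def monobit_z(data: bytes) -> float:
    """Z-score of the number of 1 bits; random data stays close to 0."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return (ones - n / 2) / math.sqrt(n / 4)

def looks_random(data: bytes) -> bool:
    # Chi-square with 255 d.o.f. has mean 255, std dev ~22.6; allow about 4.5 sigma.
    return 153 < chi_square_bytes(data) < 357 and abs(monobit_z(data)) < 4.5

def xor_repeating_key(pt: bytes, key: bytes) -> bytes:
    """Vigenere-style toy cipher (constructed): leaks plaintext statistics."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(pt))

def xor_sha1_stream(pt: bytes, key: bytes) -> bytes:
    """Toy stream cipher (hypothetical): keystream = SHA1(key || counter)."""
    stream = b""
    ctr = 0
    while len(stream) < len(pt):
        stream += hashlib.sha1(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(p ^ k for p, k in zip(pt, stream))

def recover_one_byte_key(ct: bytes, known_prefix: bytes) -> int:
    """Exhaust the 256 possible keys of the toy cipher when the key is one byte."""
    for k in range(256):
        if xor_sha1_stream(ct[:len(known_prefix)], bytes([k])) == known_prefix:
            return k
    return -1

# Constructed sample plaintext (about 33 KB of repetitive English).
PLAINTEXT = b"the quick brown fox jumps over the lazy dog and " * 700

if __name__ == "__main__":
    leaky = xor_repeating_key(PLAINTEXT, b"secret")
    weak = xor_sha1_stream(PLAINTEXT, bytes([0x5A]))
    print("repeating-key XOR looks random:", looks_random(leaky))
    print("SHA1 stream, 1-byte key looks random:", looks_random(weak))
    print("recovered key:", hex(recover_one_byte_key(weak, PLAINTEXT[:16])))
```

A serious evaluation would use a full test battery over far more ciphertext; these two tests are only the cheap first filter the post describes.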