Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:39 ADT
Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Mon, 20 Jul 1998 12:08:57 +0100
Ian Clysdale wrote:
>
> > Owing to the non-trivial programming efforts required, WEAK3 does not
> > appear to well satisfy the requirements of a poor man's environment,
> > though it may be quite useful in normal environments, being
> > independently implementable from scratch in one to two weeks with
> > average programming experience.
> >
> I don't find that particularly impressive. I think that taking two weeks to
> implement ANY of the common block algorithms from the specification is close
> to excessive, for anyone with a reasonable degree of programming experience.
> Now, you can spend a huge amount of time in optimization, but the basic
> algorithms are usually rather simple, all in all.
I was afraid that someone would shout that my algorithm is much too
complicated. It is a great pleasure for me to know that the opposite
is acctually the case and that it can be easily implemented in much
less time than what I estimated. I don't have in mind that users
(the circle of persons that probably would use my code) should do
any optimization. My code does not run 'impressively' fast at all.
But, as I said, they don't normally need very high processing speed.
Finally, I don't agree that simplicity is a sin of an algorithm.
>
> > Therefore I have called it instead a
> > layman's data encryption algorithm, since it is designed by a layman
> > for use by laymen.
> >
> This scares me more than a little. Why should I - and I count myself a
> layman rather than a cryptographer, because while I have a fair deal of
> implementation experience, my mathematical background is much poorer than I
> would like - trust a cipher designed by a layman and not extensively
> analyzed over a cipher designed by a professional and analyzed by the
> cryptographic community? Why should anyone?
How can a brand new algorithm get 'extensively' analysed at the time
it comes out? The case is similar to that, say, when a new product
is put on the shelves of a supermarket. If nobody likes it, it
will disappear in relatively short time. It will stay, if it can find
sufficient customers.
>
> > (Hardcore professionals with their insistance on
> > rigorous mathematical proofs and the regulating officials taking
> > advices from them presumably would not have the least motivation to
> > examine, let alone to actually use, anything that is WEAK by name.)
> >
> I don't think that it's the WEAK aspect of the name, although that probably
> doesn't help. What deterred me from even looking at it was my inability to
> find an algorithm specification on your page - you seemed to only have the
> Fortran reference implementation. A reference implementation is not in any
> way a substitute for a well-written specification describing design goals,
> the algorithm in pseudocode at a high level (for those of us who have no
> desire to try to piece out Fortran) and describing any attacks that have
> been made or can be made on the cipher.
>
> This doesn't strike me as an insistence on rigourous mathematical proofs,
> but simply a basic requirement for any kind of understanding of the cipher.
> You've given absolutely no reason that I, as an implementor, would want to
> use your encryption scheme, and you've given no easy way for me, as an
> analyst, to even understand what your scheme is doing.
>
> If I just missed the specification, then please take my apologies, let me
> know where to find it, and I'll be glad to take a quick look over the scheme
> and see if I notice anything.
Since you claimed that my algorithm is very simple (which is in my
opinion true), I suppose that you have already read and understood it.
In the comments to the code I have explained very shortly what
is done in each round and have referred the issue of pseudo-random
generation to another article. With that, particularly since you
are implementor and therefore have barely difficulties in reading
codes (even in case you don't program in Fortran) and since I guess
you have much more programming experience than I (see above for
the difference in estimates of time needed to implement my algorithm)
I can't imagine that my well commented code presents you any real
difficulties at all. If there any concrete questions please kindly
let me know.
M. K. Shen
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:39 ADT