Newsgroups: sci.crypt
Path: cactus.org!ritter
From: ritter@cactus.org (Terry Ritter)
Subject: Re: Block Mixing Transformations
Message-ID: <1994Mar16.222350.179@cactus.org>
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
References: <1994Mar13.051515.27175@cactus.org> <2m7ong$6vr@news.umbc.edu>
Date: Wed, 16 Mar 1994 22:23:50 GMT

In <2m7ong$6vr@news.umbc.edu> olson@umbc.edu (Bryan G. Olson; CMSC (G))

>: (Colin Plumb) writes:
>: >Sorry if it's unkind, but it's true that a part of
>: >my mind is saying "I wish Terry would quit posting his `clever' ideas
>: >until he learns thing one about cryptanalysis."
>
>[Terry]
>: When Plumb publishes a practical cryptosystem which he can *prove*
>: secure, then I'm sure the rest of us will take some notice.
>
>Colin is one of sci.crypt's best posters. "The rest of us"
>already take notice, and couldn't help but notice that he
>fed you your technical lunch.

And exactly where is this "lunch"? All I see is one-liners and concerted giggling.

>Sorry Terry, but you deserved the slam.

I'm not sure anyone ever "deserves" a slam. Interesting that someone would think so, however.

>: Until that succeeds, Plumb might consider using my Penknife email
>: cipher for DOS. Admittedly quite a stretch from the theories
>: tossed around here, Penknife is an honest, fielded, commercial
>: stream-cipher product...
>
>Colin is author of the fast IDEA implementation for the Intel
>chips which is distributed with PGP. Why would he (or anyone
>else) want to use a toy like Penknife ?

I see we have a straight-man in the audience.

Why use Penknife?

1) Most businesses and even some individuals take patent infringement seriously. Penknife is offered by the patent holder.

2) Most businesses and even some individuals prefer to pay for software, to get some level of seriousness and accountability in products they depend on.

3) Penknife includes a distributable commercial-demo form-- which individuals may evaluate until they choose to license the advanced version, and business may evaluate for 30 days--so they can send the demo to correspondents for their use.

4) Penknife does not create ciphertext blocks that scream out "I am in cipher; I am PGP; take me, I'm yours."

5) Any public-key cipher which allows the use of unvalidated public keys can be attacked and defeated. Such an attack does not require "breaking" any part of the cipher, making all discussion of cipher "strength" irrelevant. Normally, one expects much, much more from a cipher design.

6) Private-key ciphers are extremely practical for families and businesses because they typically have lots of close contact for exchanging keys. But anyone can mail a secret key (or have it delivered by an express service) at any time. Key-transport is awkward, but so is security itself.

7) Penknife supports "pass through" of header and .sig material, as well as the deciphered ciphertext, allowing headers and .sigs to be kept with the plaintext. Or removed.

8) Advanced Penknife supports central key-management with dated User-Key aliases, for automatic and virtually painless key update, and vastly-reduced key-entry errors.

9) Advanced Penknife has direct support for archiving ciphertext, and later access to that ciphertext despite intervening key updates.

10) Advanced Penknife supports sending large binaries on the Internet: breaking them down for sending, deciphering them into a single file upon receipt, and computing overall error-check CRC's on the result.

Penknife is also probably easier to use for everyday email. There are a lot of other features, but mainly it is a small, fast program to let you get on with the mail.

---
Terry Ritter ritter@io.com ritter@rtc.com