Newsgroups: sci.crypt
Path: cactus.org!ritter
From: ritter@cactus.org (Terry Ritter)
Subject: Re: Block Mixing Transformations
Message-ID: <1994Mar16.222350.179@cactus.org>
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
References: <1994Mar13.051515.27175@cactus.org> <2m7ong$6vr@news.umbc.edu>
Date: Wed, 16 Mar 1994 22:23:50 GMT
In <2m7ong$6vr@news.umbc.edu> olson@umbc.edu (Bryan G. Olson; CMSC (G))
>: (Colin Plumb) writes:
>: >Sorry if it's unkind, but it's true that a part of
>: >my mind is saying "I wish Terry would quit posting his `clever' ideas
>: >until he learns thing one about cryptanalysis."
>
>[Terry]
>: When Plumb publishes a practical cryptosystem which he can *prove*
>: secure, then I'm sure the rest of us will take some notice.
>
>Colin is one of sci.crypt's best posters. "The rest of us"
>already take notice, and couldn't help but notice that he
>fed you your technical lunch.
And exactly where is this "lunch"?
All I see is one-liners and concerted giggling.
>Sorry Terry, but you deserved the slam.
I'm not sure anyone ever "deserves" a slam. Interesting that
someone would think so, however.
>: Until that succeeds, Plumb might consider using my Penknife email
>: cipher for DOS. Admittedly quite a stretch from the theories
>: tossed around here, Penknife is an honest, fielded, commercial
>: stream-cipher product...
>
>Colin is author of the fast IDEA implementation for the Intel
>chips which is distributed with PGP. Why would he (or anyone
>else) want to use a toy like Penknife ?
I see we have a straight-man in the audience.
Why use Penknife?
1) Most businesses and even some individuals take patent
infringement seriously. Penknife is offered by the
patent holder.
2) Most businesses and even some individuals prefer to pay
for software, to get some level of seriousness and
accountability in products they depend on.
3) Penknife includes a distributable commercial-demo form--
which individuals may evaluate until they choose to
license the advanced version, and business may evaluate
for 30 days--so they can send the demo to correspondents
for their use.
4) Penknife does not create ciphertext blocks that scream
out "I am in cipher; I am PGP; take me, I'm yours."
5) Any public-key cipher which allows the use of unvalidated
public keys can be attacked and defeated. Such an attack
does not require "breaking" any part of the cipher, making
all discussion of cipher "strength" irrelevant. Normally,
one expects much, much more from a cipher design.
6) Private-key ciphers are extremely practical for families
and businesses because they typically have lots of close
contact for exchanging keys. But anyone can mail a secret
key (or have it delivered by an express service) at any
time. Key-transport is awkward, but so is security itself.
7) Penknife supports "pass through" of header and .sig
material, as well as the deciphered ciphertext, allowing
headers and .sigs to be kept with the plaintext. Or
removed.
8) Advanced Penknife supports central key-management with
dated User-Key aliases, for automatic and virtually
painless key update, and vastly-reduced key-entry errors.
9) Advanced Penknife has direct support for archiving
ciphertext, and later access to that ciphertext despite
intervening key updates.
10) Advanced Penknife supports sending large binaries on the
Internet: breaking them down for sending, deciphering them
into a single file upon receipt, and computing overall
error-check CRC's on the result.
Penknife is also probably easier to use for everyday email. There
are a lot of other features, but mainly it is a small, fast program
to let you get on with the mail.
---
Terry Ritter ritter@io.com
ritter@rtc.com