Path: cactus.org!news.dell.com!swrinde!pirates.cs.swt.edu!academia.swt.edu!cs.
+     utexas.edu!not-for-mail
From: ritter@io.com (Terry Ritter)
Newsgroups: sci.crypt

Subject: Re: Algorithms
Date: 15 Nov 1994 15:23:46 -0600
Organization: UTexas Mail-to-News Gateway
Lines: 77
Sender: nobody@cs.utexas.edu
Message-ID: <199411152124.PAA18734@pentagon.io.com>
NNTP-Posting-Host: news.cs.utexas.edu

 In <3a3n3e$ihn@netnews.upenn.edu> egendorf@mail2.sas.upenn.edu
 (Robert  Egendorf) writes:


>Has anyone else evaluated the Cloak2 cipher?

 Probably.  A complete description of the Cloak2 design was posted
 to sci.crypt several times, as I recall.  It was difficult to miss,
 for those who were here.

 The Cloak2 program itself has been evaluated casually.  It is just
 coming out of beta test.

 Cryptographic evaluations which find no weakness tend to not be
 posted (or published!), since no such evaluation can be complete.
 Potential attacks might be posted, and none have been; while this
 fact is not particularly useful, it is all we have.


>What tests has it been
>subjected to?

 While some tests can identify massive weakness, in general, tests
 cannot certify cryptographic strength.  My approach is to use a
 clean overall design with well-understood components, and then
 test those components for proper operation.


>What is Mr. Ritter's background in cryptography?

 At first, I found this rather off-putting.  What, I thought, is
 Mr. Egendorf's "background in cryptography," or anything else, for
 that matter?

 And what relevance does this have to discussion?  Even the best
 cryptographer can make a mistake, and even the least of us can be
 right sometimes.  The issue is the argument, not the reputation.

 Moreover, one of the worst aspects of higher education is the
 tendency to punish risk, and reward convention, without regard to
 the validity of the thought.  I argue that throughout society --
 to say nothing of a discussion group -- we need the freedom to try
 and fail without excessive criticism from those who never take
 equal risks.


 However:

 Mr. Ritter is an independent registered Professional Engineer
 who has been working on cryptography full time for the past six
 years.  He has been a contributor to Usenet sci.crypt since 1989,
 and is an especially vocal critic of the use of human "trust" to
 certify cryptographic public keys.

 Ritter, an 18-year member of IEEE and ACM, and a former Adjunct
 Assistant Professor of Electrical Engineering at Georgia Tech, has
 published four major articles on cryptography, all in Cryptologia,
 since 1989.  He holds the patent on Dynamic Substitution, a
 reversible nonlinear stream-cipher combiner technology.  In his
 "Fenced DES" design (part of a "large-block DES" design sequence
 which was posted to sci.crypt in 1994), he has found a way to
 strengthen existing block ciphers without much of the processing
 required by conventional approaches.  He continues to research
 mechanisms for cryptography which are especially efficient and
 effective in software implementation.

 Ritter Software Engineering offers several end-user ciphers,
 which are distinguished by their use of new technology and
 extensive attention to key-management.  Various "drop-in" ciphers
 for software developers are available under license, and
 consulting time is occasionally available.

 ---
 Terry Ritter   ritter@io.com