[cryptography] QODE(quick offline data encryption)

Michael Kjörling michael at kjorling.se
Tue Jan 6 17:22:28 EST 2015


On 6 Jan 2015 16:12 -0500, from kevinsisco61784 at gmail.com (Kevin):
> I figured I'd start building my own open source encryption algorithm:
> https://github.com/kjsisco/qode

To borrow a very apt quote from Bruce Schneier: "Who the hell are
you?" [1] [2]

Nobody is perfect. Even very clever people make mistakes when
designing encryption algorithms. Sometimes they are unaware of
particular attacks which turned the believed-secure algorithm into a
trivially breakable entropy-reducing mess. Other times cryptographic
advancements make previously infeasibly breakable algorithms feasibly
breakable. Yet other times pure computing power did. Sometimes those
same smart people come up which believed secure schemes that are
trivially breakable by anyone with the right knowledge. [3]

Which leads us back to the question: who are you? What are your
credentials in the field of cryptography? Why should we trust _your_
algorithm over something designed by people with an established track
record in the field?

And also, _what problems_ do you see with current algorithms which you
are attempting to solve, and _how_ do you intend to solve those
problems?

This is not meant to be sarcastic at all. Homegrown algorithms tend to
fall very quickly to even a modicum of competent analysis. If you want
the community to take your algorithm proposal (whatever it might be)
seriously, then you need to show why the community should take it
seriously.

I once believed I had come up with a great encryption algorithm.
Thankfully, it never saw any use beyond a few toy programs which I
never distributed to anyone else.


[1] https://www.schneier.com/crypto-gram-0608.html#7

[2] https://www.schneier.com/blog/archives/2011/04/schneiers_law.html

[3] http://ftp.pgpi.org/pub/pgp/2.x/doc/pgpdoc1.txt section "Beware of
Snake Oil"

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)


More information about the cryptography mailing list