[cryptography] QODE(quick offline data encryption)

Kevin kevinsisco61784 at gmail.com
Wed Jan 7 15:55:22 EST 2015


On 1/7/2015 3:32 PM, Warren Kumari wrote:
> On Wed, Jan 7, 2015 at 3:09 PM, Kevin <kevinsisco61784 at gmail.com> wrote:
>> On 1/7/2015 2:40 PM, Jeffrey Goldberg wrote:
>>> On 2015-01-07, at 12:26 PM, Kevin <kevinsisco61784 at gmail.com> wrote:
>>>
>>>>      Any company could review it and decide if it's worth using or not.
>>> Hi Kevin.
>>>
>>> Actually that’s a part of my job within the company I work for. I’m the
>>> one who can read some of the primary literature in cryptography. Now this
>>> makes me unusual, not a lot of companies
>>> our size have someone with my skills.
>>>
>>> But I would be useless at evaluating your algorithm. I don’t know how to
>>> check for linearity in S-Boxes; I don’t know what properties to look for in a
>>> key schedule; I don’t know how to look for related key attacks, etc. I’ve
>>> never broken anything and wouldn’t really know where to begin trying to
>>> break something.
>>>
>>> So what I do is rely on expert advice and err toward being conservative.
>>> My understanding of both the process by which AES was developed and chosen
>>> along with the extensive research on it is that it remains a very good choice
>>> as a block cipher.
>>>
>>> So if I were to “review” your algorithm for my company, I wouldn’t do it
>>> by actually reading the code, I would ask exactly the same sorts of
>>> questions that you have been presented with:
>>>
>>> (1) Does it offer me some valuable feature that isn’t available in more
>>> standard alternatives?
>>>
>>> If “no”, there really is no reason to look at it further.
>>>
>>> (2) Is there good reason to believe that it has all of the security
>>> properties I depend on of what I am already using?
>>>
>>> If “no”, there is no reason for me to look at it further.
>>>
>>> (3) Is there a clear design document that explains how it is supposed to
>>> achieve its claimed security properties?
>>>
>>> This is part of (2), but I wanted to break it into its own point. I can
>>> read — slowly and with effort — the descriptions of the designs of the
>>> things that I do use. I don’t get all of the finer points, but I see how
>>> problems that I never even would have thought of are addressed.
>>>
>>> As others have suggested, this is what you should START with.
>>>
>>> (4) What does the expert community say about it?
>>>
>>> If it hasn’t been sufficiently studied, then even if it is a complete work
>>> of genius, I’m going to wait until people who know how to evaluate things
>>> have done so.
>>>
>>> (5) Are there “safe” implementations of it available for me to use?
>>>
>>> An implementation needs to not only implement the algorithm, but guard
>>> against side-channel attacks.
>>>
>>> There are other things as well. All of which your system fails at without
>>> anyone having to look at the code.
>>>
>>>> I am not going to take it down. Freedom, boys and girls, freedom.
>>> Good for you. Now if you actually want people to start looking at it,
>>> start with addressing
>>> my point (3). If you don’t make it easy for people to analyze your system,
>>> it is not going to receive the expert scrutiny required to meet some of the
>>> other criteria.
>>>
>>>
>>> But the concern is that there are software developers out there who don’t
>>> pay attention to the criteria that I listed. So, sure, go ahead and play
>>> with ideas. But please put some prominent notes that it hasn’t been
>>> evaluated and was designed by someone with no expertise, and so should only
>>> be used for playing around.
>>>
>>> And if you would like expert evaluation, you need to help those experts.
>>> There are lots of lone crackpots out there who think that they are lone
>>> geniuses. You are going to show that it isn’t a complete waste of experts’
>>> time to look at your stuff.
>>>
>>> Cheers,
>>>
>>> -j
>> J.  I think it's great that you can look at this sort of thing from all
>> angles.  The security lies in data with a salt added to data which is
>> rotated to the left by the length of bytes.  I won't insult your
>> intelligence by rehashing the formula as it is clearly written in the code.
> Errr... *which* code? Where?
>
> Sum total of what is published (that I could find) is:
>
> https://github.com/kjsisco/qode/blob/master/qode.au3
>
> containing 5 lines:
>
> -----
>
> qode
> ====
>
> An encryption algorithm
> -----
>
> Perhaps you have missed the fact that you need to git push? Or is
> there some other location that I missed somewhere?
>
> W
>
>
>
>> The point is, do you feel this provides the level of security that you
>> desire?  If the answer is no, in the trash can it goes!
>>
>>
>>
>> --
>> Kevin
>>
>>
>> ---
>> This email is free from viruses and malware because avast! Antivirus
>> protection is active.
>> http://www.avast.com
>>
>> _______________________________________________
>> cryptography mailing list
>> cryptography at randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography
>
>
Code:
;QODE(Quick Offline Data Encryption)
;by
;Kevin J. Sisco(kevinsisco61784 at gmail.com)
;provides strong encryption for data entered
;written in Autoit
$i = Inputbox(" ", "Enter data")
$b = StringToBinary($i)
;convert to binary
$s = StringToBinary("the data is now secure")
;salt
$salt = $b+$s
;add salt to input
$l = BinaryLen($b)
;length in bytes
$br = BitRotate($b, $l)
;left bit rotation
$x = BitXor($br, $l)
;xor of rotation and length
$y = @YEAR
;current year
$r = Random(20, 50)
;random number

$formula = $salt+$br+$x+$y+10+32+$r*100
;formula
$t = $formula*$formula*$formula*Log($formula)
;total
$o = FileOpen("output.txt", 1)
;create output file
FileWriteLine($o, $formula)
;store the result
FileFlush($o)
;flush buffer to disk
FileClose($o)
;close the stream



-- 
Kevin
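
Added example (not part of the original message or of the QODE script): a simplified Python model of the posted formula, assuming the input is one 16-bit word, the salt is an integer stand-in, and Random(20, 50) yields an integer. It shows that the rotate and XOR steps are undone with nothing but the data length, and that because $r is never stored, two different inputs can produce the same output number.

```python
# Simplified integer model of the posted QODE formula (added illustration,
# not the AutoIt script). Assumptions: the input is one 16-bit word, the salt
# is a fixed integer stand-in, and Random(20, 50) yields an integer.
WORD_BITS = 16
MASK = (1 << WORD_BITS) - 1
SALT = 0x5A17          # constructed stand-in for the constant salt string
YEAR = 2015            # value of @YEAR when the post was written


def rotl(value, shift):
    """Rotate a 16-bit word left; the shift wraps modulo the word size."""
    shift %= WORD_BITS
    return ((value << shift) | (value >> (WORD_BITS - shift))) & MASK


def rotate_xor(word, length):
    """Model of $br = BitRotate($b, $l) and $x = BitXor($br, $l)."""
    br = rotl(word, length)
    return br, br ^ length


def undo_rotate_xor(x, length):
    """Invert both bit steps using only the public length: no key involved."""
    return rotl(x ^ length, -length)


def qode_model(word, length, r):
    """Model of $formula = $salt+$br+$x+$y+10+32+$r*100 with $salt = $b+$s."""
    br, x = rotate_xor(word, length)
    return (word + SALT) + br + x + YEAR + 10 + 32 + r * 100


def find_collision(length, words):
    """Return two different (word, r) pairs that produce the same output."""
    seen = {}
    for word in words:
        for r in range(20, 51):
            out = qode_model(word, length, r)
            if out in seen and seen[out][0] != word:
                return seen[out], (word, r), out
            seen.setdefault(out, (word, r))
    return None


if __name__ == "__main__":
    print(undo_rotate_xor(rotate_xor(0x4142, 2)[1], 2) == 0x4142)
    print(find_collision(2, range(0x4100, 0x4200)))
```

In this model a rotation by a multiple of 16 leaves the word unchanged, and the only value an observer does not know in advance is the discarded random term.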