[cryptography] QODE

Open eSignForms yozons at gmail.com
Wed Jan 7 21:57:10 EST 2015

On 1/7/15 4:24 PM, listo factor wrote:
> On 01/06/2015 09:12 PM, Kevin wrote:
>> I figured I'd start building my own open source encryption algorithm:
>> https://github.com/kjsisco/qode
> I find the reaction from the list somewhat surprising.
> Some years ago, I had a neighbour that was building a moon-landing
> spacecraft in his backyard. Obviously, he never landed on the moon,
> but he learned a whole lot of useful things: for instance, holding
> a hammer close to the head instead of at the end of the handle will
> not substantially reduce the likelihood of hitting the thumb.
> He did try to sell maiden-voyage seat reservations. I have no idea
> if he collected any money, but if he did, I would not blame him,
> I would blame those that coughed up their coin.
Grumbling is common.  Variety is the spice of life, and it's also useful 
against issues of monoculture to protect against subsequent discoveries 
of backdoors or  implementation vulnerabilities, published or not. This 
does not endorse the use of homegrown algorithms over any of the various 
well established and more vetted algorithms that researchers (and 
crackers) have analyzed, especially for anything of value.  Such apps 
generally require the use of established crypto anyway, and sadly are 
often enough insecure because of misuse or flawed key management.

It's hard to know if homegrown crypto is much of a learning experience, 
though, because it's so hard to tell if it's actually secure.  As I said 
before, most crypto looks secure because the ciphertext generally looks 
like gibberish, whether secure or not. There's no easy way to test an 
algorithm compared to that neighbor's spacecraft.  But if you are not a 
high value target, your crypto may provide adequate security as there's 
unlikely a cabal who will invest the resources to attempt to crack it.  
Life is short and freedom to explore is your right!

More information about the cryptography mailing list