Practice Cryptography!
Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it's important. Maybe it's time for people and coders to actually start practicing how to use it, like any other skill.Friday, March 03, 2006
http://www.ciphersbyritter.com/
I'm honestly not sure what to make of this particular site. He seems to want to push people into using unproven ciphers (preferably ones that he's patented, yet given no licenses for cryptanalysis or study), based on the idea that there really is no way to determine the 'lower bound' of cipher strength.
I can accept that particular argument (that there is no way to determine 'lower bound' of cipher strength)... but on the flip side, I also know that elementary cryptanalysis courses offer what appear (to the untrained eye) to be completely random ciphertexts that, with a bit of probing, can have their plaintext determined. If people who have been studying cryptanalysis for years can't find the plaintext from a given ciphertext using a given algorithm, and they've been trying for years, I would much rather put my faith in that particular algorithm more than something that hasn't had any cryptanalysis at all.
In an email to me, Mr. Ritter stated that he finds patents more noble than making things available for free, since patenting things helps to make up for the cost of invention plus funding new invention. Okay, whatever... his viewpoint, not my place to try to change his mind. However, he goes on to say that "patents haven't worked out for him".
Gee, I wonder why. Forbidding any cryptanalysis by failing to license the patent for that use (thus any cryptanalysis is a violation of patent, and in the event of an unfavorable finding the push would be to keep it secret because otherwise you'll have suit brought against you for using a patented invention without a license), then fearmongering by stating that "the enemies of the users of cryptography operate in secret, without letting anyone know that they've found a crack in the algorithm" to try to get people to move away from and shun long-tested and long-studied algorithms... this sounds more like a move I'd expect from Microsoft (reminiscent of its Fear, Uncertainty, and Doubt campaign against Linux) than a useful marketing system.
And, in fact, it makes me wonder if he himself knows of any breaks to his algorithms that he hasn't published.
I'm honestly not sure what to make of this particular site. He seems to want to push people into using unproven ciphers (preferably ones that he's patented, yet given no licenses for cryptanalysis or study), based on the idea that there really is no way to determine the 'lower bound' of cipher strength.
I can accept that particular argument (that there is no way to determine 'lower bound' of cipher strength)... but on the flip side, I also know that elementary cryptanalysis courses offer what appear (to the untrained eye) to be completely random ciphertexts that, with a bit of probing, can have their plaintext determined. If people who have been studying cryptanalysis for years can't find the plaintext from a given ciphertext using a given algorithm, and they've been trying for years, I would much rather put my faith in that particular algorithm more than something that hasn't had any cryptanalysis at all.
In an email to me, Mr. Ritter stated that he finds patents more noble than making things available for free, since patenting things helps to make up for the cost of invention plus funding new invention. Okay, whatever... his viewpoint, not my place to try to change his mind. However, he goes on to say that "patents haven't worked out for him".
Gee, I wonder why. Forbidding any cryptanalysis by failing to license the patent for that use (thus any cryptanalysis is a violation of patent, and in the event of an unfavorable finding the push would be to keep it secret because otherwise you'll have suit brought against you for using a patented invention without a license), then fearmongering by stating that "the enemies of the users of cryptography operate in secret, without letting anyone know that they've found a crack in the algorithm" to try to get people to move away from and shun long-tested and long-studied algorithms... this sounds more like a move I'd expect from Microsoft (reminiscent of its Fear, Uncertainty, and Doubt campaign against Linux) than a useful marketing system.
And, in fact, it makes me wonder if he himself knows of any breaks to his algorithms that he hasn't published.
Archives
2006-02-12 2006-02-19 2006-02-26 2006-03-05 2006-03-12 2006-03-19 2006-03-26 2006-04-02 2006-04-09 2006-04-16 2006-04-23 2006-07-23 2008-01-13 2008-01-20 2008-02-03 2008-02-17 2008-03-16 2008-04-06 2008-05-11
