Path: cactus.org!news.dell.com!swrinde!pirates.cs.swt.edu!academia.swt.edu!cs. + utexas.edu!not-for-mail From: ritter@io.com (Terry Ritter) Newsgroups: sci.crypt Subject: Re: Algorithms Date: 15 Nov 1994 15:23:46 -0600 Organization: UTexas Mail-to-News Gateway Lines: 77 Sender: nobody@cs.utexas.edu Message-ID: <199411152124.PAA18734@pentagon.io.com> NNTP-Posting-Host: news.cs.utexas.edu In <3a3n3e$ihn@netnews.upenn.edu> egendorf@mail2.sas.upenn.edu (Robert Egendorf) writes: >Has anyone else evaluated the Cloak2 cipher? Probably. A complete description of the Cloak2 design was posted to sci.crypt several times, as I recall. It was difficult to miss, for those who were here. The Cloak2 program itself has been evaluated casually. It is just coming out of beta test. Cryptographic evaluations which find no weakness tend to not be posted (or published!), since no such evaluation can be complete. Potential attacks might be posted, and none have been; while this fact is not particularly useful, it is all we have. >What tests has it been >subjected to? While some tests can identify massive weakness, in general, tests cannot certify cryptographic strength. My approach is to use a clean overall design with well-understood components, and then test those components for proper operation. >What is Mr. Ritter's background in cryptography? At first, I found this rather off-putting. What, I thought, is Mr. Egendorf's "background in cryptography," or anything else, for that matter? And what relevance does this have to discussion? Even the best cryptographer can make a mistake, and even the least of us can be right sometimes. The issue is the argument, not the reputation. Moreover, one of the worst aspects of higher education is the tendency to punish risk, and reward convention, without regard to the validity of the thought. I argue that throughout society -- to say nothing of a discussion group -- we need the freedom to try and fail without excessive criticism from those who never take equal risks. However: Mr. Ritter is an independent registered Professional Engineer who has been working on cryptography full time for the past six years. He has been a contributor to Usenet sci.crypt since 1989, and is an especially vocal critic of the use of human "trust" to certify cryptographic public keys. Ritter, an 18-year member of IEEE and ACM, and a former Adjunct Assistant Professor of Electrical Engineering at Georgia Tech, has published four major articles on cryptography, all in Cryptologia, since 1989. He holds the patent on Dynamic Substitution, a reversible nonlinear stream-cipher combiner technology. In his "Fenced DES" design (part of a "large-block DES" design sequence which was posted to sci.crypt in 1994), he has found a way to strengthen existing block ciphers without much of the processing required by conventional approaches. He continues to research mechanisms for cryptography which are especially efficient and effective in software implementation. Ritter Software Engineering offers several end-user ciphers, which are distinguished by their use of new technology and extensive attention to key-management. Various "drop-in" ciphers for software developers are available under license, and consulting time is occasionally available. --- Terry Ritter ritter@io.com