Re: Into the Fire
From: Kev (kev_at_novercia.f9.co.uk)
Date: 28 Jul 2003 04:02:22 -0700
"MacGregor K. Phillips" <firstname.lastname@example.org> wrote in message news:<bg2247$jfbfn$1@ID-201989.news.uni-berlin.de>...
> Since I have been watching this newsgroup for awhile I guess it is about
> time to introduce my self and jump into the fire so to speak....
Why do people insist on trying to invent their own algorithms or do a
'one time pad' when it's obviously such a non-starter?
The way I see it, if you're going to write your own crypto program,
you should go along with what the experts say and use known, trusted
algorithms. If you use a home-grown proprietary algorithm or a pretend
'one time pad' , people just won't trust your program. I think the
perceived wisdom at the moment is that you should use SHA-1 > AES. If
you're weary of AES because it's relatively new, you could use 3DES or
The point is we already have trusted, strong algorithms so there's
really no point trying to re-event the wheel. Your time would be
better spent getting the encryption *right*, and then concentrating
on giving your program a unique selling point, such as how it
incorporates countermeasures to defeat certain side-channel attack(s).
Like forensic data recovery, or key logging, or Van Eck/hidden camera
monitoring. People might then be interested in buying your program.