Re: Meganet on Cryptogram again

From: Richard Heathfield (dontmail_at_address.co.uk.invalid)
Date: 09/19/03 

Date: Thu, 18 Sep 2003 22:29:55 +0000 (UTC)

Mxsmanic wrote:

> Richard Heathfield writes:
>
>> I have a much easier-to-use cryptosystem than Meganet.
>> It's called ROT-26, and I'm using it now.
>
> Perhaps you are being sarcastic, but the point is actually valid.
>
> ROT13 is sufficient for many uses. For example:
>
> Jryy, lbh'er zber cnenabvq guna zbfg!

Thanks, I think. (It took me about a second to decode.)

> While many people on this group won't be able to resist decrypting the
> above, on most USENET groups, people simply wouldn't care, or wouldn't
> even recognize the text as encrypted. ROT13 is fully secure against
> them.

You have an interesting definition of "security". Let's face it - whatever
we type in plain text here on sci.crypt is "secure" - by your definition -
against something like 99.99999% of the human population of the world, or
against maybe 99.99999999999% of all living creatures of the world. But
that's ***not the point*** !!! The point isn't how secure you can make your
plaintext against people who don't care, but about how secure you can make
it against people who /do/ care - adversaries.

> Then again, even many people in this group won't attempt to decrypt
> this:
>
> qANQR1DDDQQCAwK6shkPreGn82DJMn38N/1XLu7xLoVdL/GLlug45ZVFghjgtK2C
> M7Tsyzn4TH4l9h9b2s+CQluSKPkjkaxm
> =LGbn

<shrug> That's entirely beside the point. If that represents a genuine
message that has been enciphered in some way other than a one-time pad,
then if someone /cares/ enough, they will attack it. If it was produced by
an inferior algorithm, the odds are good that it will fall - *provided*
someone cares enough. And if nobody cares enough, it doesn't matter anyway.

> The encryption is better (but still not unbreakable), and so the
> threshold of security it provides is higher (but not infinite).
>
> Now, ROT13 is a lot easier to use than the other form of encryption
> shown above, which means that ROT13 is preferable for data that doesn't
> require anything stronger, because it has ease of use in its favor.

I have a ROT13 program which accepts plaintext on stdin and produces
"ciphertext" on stdout. I typically use it like this:

$ cat plaintext | rot13 > ciphertext

I have a (rather lame) encryption algorithm of my own, which I call cdx2. It
works like this:

$ cdx2 plaintext ciphertext key

It's actually /easier/ to use than ROT13.

>> Then they can buy ROT-26 from me. My rates are very reasonable.
>
> They can get ROT13 for free in a lot of products, and it's more secure,

By about one second.

> and easier to use.

I've found a cunning optimisation, though, in my (proprietary) ROT-26
algorithm, which makes it much easier to use than ROT-13. Send Money Now
For Full Details.

>> If ease of use is more important than security, then ROT-26 beats
>> Meganet's VME hands down. And the support is 100% adequate.
>
> You're thinking in binary terms. It's not yes/no for ease of use and
> security, it's a continuum from zero to infinite. I suspect that VME is
> far more secure than ROT-26,

I certainly hope so!

> and it probably provides more security for
> a given level of ease of use than ROT-26 does.

Probably not. ROT-26 is amazingly easy to use.

<snip>

> I don't know. Maybe VME is easier to sell. Maybe AES has legal issues
> (export, patent, etc.).

No. It was actually imported /into/ the USA, or so I understand. And it's
entirely patent-free.

> Maybe they truly believe/know that VME is more
> secure.

Then they will be able to demonstrate their evidence for believing this.

>
>> Had they done that in the first place, they probably wouldn't
>> have received all this flak.
>
> And they'd be a lot harder to distinguish from a lot of other crypto
> companies.

Alas, no. It is their present stance that makes them hard to distinguish
from other "crypto" companies. 

-- 
Richard Heathfield : binary@eton.powernet.co.uk
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

Relevant Pages

  • Re: simple data encryption algorythm?
    ... > does anybody know any simple and FAST algorythm to encrypt data in the dbf ... ROT13 ... hmmm. ... How secure should it be? ...
    (microsoft.public.fox.programmer.exchange)
  • Re: Learn Python the Hardway exercise 11 question 4
    ... It would be more secure to base64 it and then rot13 the output. ... Rot-13 twice, to make it even more secure;-) ... Freelance Perl & Python Development: http://castleamber.com/ ...
    (comp.lang.python)
  • Re: Meganet on Cryptogram again
    ... > It's called ROT-26, ... ROT13 is sufficient for many uses. ... threshold of security it provides is higher. ... Cryptosystems that are too difficult to use ...
    (sci.crypt)