Re: A Fast New Hash Function
Date: Mon, 22 Aug 2005 11:13:53 +1000
> [random follow-ups removed]
> Crypto@S.M.S wrote:
>>>Where's the question in that post?
>>Your post was in response to my questions
>>regarding the ease of "effectively reversing" MD5.
>>Those questions were posted in good faith, in an
>>attempt to understand how Joseph Ashwood is able
>>to attack MD5. You told me to drop it, shut up,
>>and quit posting.
> How was it good faith? It was the 220th post [that's not an
> exaggeration] in a thread that was going nowhere fast. If you do care
> to actually learn or have a discussion it doesn't seem like it. You're
> very confrontational, everything is black and white. You're right and
> they're wrong.
> So I don't consider anything you're doing to be "good faith".
All I did was ask for clarification of a particular claim.
I never said, "I'm right, you're wrong". On the contrary,
I admitted not knowing the "entropy for english characters",
and others came forward to demonstrate that Joseph Ashwood's
statement of "1 entropy bit / english character" is a huge
You are the only one who has been consistently telling people
they are "wrong", "bad", "idiotic", etc.
>>You are the only one saying "mediocre planning" or "excessive
>>redundancy". I never once wrote either of those phrases. All
>>along you have attempted to place value judgements on an approach
>>which is different than what you would have taken, but which
>>you have not shown any real deficiencies in, and which many
>>others have found of interest.
> I have shown real problems. It wastes resources. You just care not to
> acknowledge it.
I have agreed it wastes resources, but have said that is not
one of the requirements. The multi-encryption takes less than
a second, whereas the SMS send function takes many seconds.
The extra time taken to multi-encrypt is negligible. You are
still unable to acknowledge this fact.
>>>1. Good crypto is easy to find. There isn't a market for what you are
>>>trying to peddle.
>>Peddle? Again you're trying to classify.
> It's not standard or openly defined and it's commercial. That's
Just because someone doesn't conform to your definition
of "standard" or "defined" doesn't make them "peddlers".
Again, you are the one taking the "I'm always right" position
here, not me.
>>And what exactly do you know about my market? How many satisfied
>>CryptoSMS users have you interviewed? How many sites that list
>>CryptoSMS have you examined? If your answer is "none", then you
>>have not done enough homework to make statements like the above.
> I work in the industry and I don't know anyone who has ever heard of
> your product.
And that means nobody uses it? Please. Your statement here
is so obviously meaningless. There are people who use your
code, there are people who use mine, there are many who use
neither. That has nothing to do with anything, as far as
"cracking", MD5, or whatever.
>>>2. Others follow standards for good reasons. It makes auditing and
>>Standard interoperability is something that CryptoSMS is
>>specifically designed to avoid. You know this. It has been
>>clearly stated many times. CryptoSMS is designed to run only
>>on the PPC, to send simple SMS only, and to be as deniable
>>as possible. Hence no key rings, no standard headers or formats
>>in the messages, no cipher text saved on the host telephone.
> There is no reason you can't use standard cryptographic algorithms other
> than sheer ignorance.
>>Just because a system has different requirements than what you
>>are used to (or what you expect) does not mean that system is
>>without merits. To assume so is to act in a very narrow-minded
> What requirement indicates to use homebrew ciphers and hashes?
BlowFish, RC4, and IDEA are not homebrew.
Neither are the six hashes. I did not invent
these ciphers/hashes, I only implemented them.
Once again, you are using negative terms like "homebrew"
in an attempt to qualify my software as "bad". There is
little difference between your implementations and mine.
You just want to make lots of noise, post lots of insults,
and basically toot your own horn.
Please stop telling people they are "not good enough",
which is what you once asked people to stop calling you.
Should I repost that bit of "do as I say, not as I do"?
>>>3. Multiciphering doesn't actually solve the problem. In fact it is
>>>entirely possible it doesn't ADDRESS the problem [actually COCONUT98 is
>>>a good example of multiciphering gone bad].
>>And there are examples of multiciphering gone good.
>>Who recently suggested TrueCrypt? Wasn't that you, Tom?
> Um no it wasn't. In fact I don't even know what TrueCrypt is.
> I'm not saying "multiciphering is weak". I'm saying it isn't
> specifically more secure and it *can* be weaker than thought.
>>TrueCrypt supports triple layer cascading:
>> Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5,
>> Serpent (256-bit key), Triple DES, and Twofish (256-bit key).
>> Supports cascading (e.g., AES-Twofish-Serpent).
> So? I'm not affiliated with truecrypt.
>>What is most interesting is how you are willing to deny your own words,
>>just to continue this discussion.
> What words? I never have vouched for multiciphering in a professional
> sense. I may have thought that 7 years ago when I was 16 and first
> learning crypto but I can't think of a specific instance in the last 5
> years where I suggested multi-ciphering.
You are denying that you often and frequently tell people to
"shut up", "quit posting", and "go away". That is what you
challenged me to demonstrate; I did, and then you denied it (again).