[7656] in cryptography@c2.net mail archive
Re: What would you like to see in a book on cryptography for
daemon@ATHENA.MIT.EDU (William Rowden)
Fri Aug 11 11:21:25 2000
Date: Thu, 10 Aug 2000 18:20:17 -0700 (PDT)
From: William Rowden <rowdenw@eskimo.com>
To: Michael Paul Johnson <mpj@ebible.org>
Cc: dmolnar <dmolnar@hcs.harvard.edu>, cryptography@c2.net
In-Reply-To: <Pine.OSF.4.05.10008101514200.17851-100000@hcs.harvard.edu>
Message-ID: <Pine.SUN.4.10.10008101757170.22843-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Today, dmolnar wrote:
[Hi, David!]
> On Thu, 10 Aug 2000, Michael Paul Johnson wrote:
> > What would you like to see covered in a practical book on
> > cryptography for programmers?
[snip]
> Especially examples of tempting, but wrong, things to do.
Perhaps this is a pet peeve of mine...
In the tempting-but-wrong category, one could include samples of the
insecure systems that result when programmers with no cryptanalysis
background create their own cryptographic algorithms. The newsgroup
sci.crypt is rife with examples; look for authors who only posted a
few times. The last such system I remember seeing was a reinvention
of the Vigenere cipher; before that, I seem to recall an autokey
system; somewhat earlier a "one time pad" with a pseudorandom number
generator (an LCG or LFSR, I think) appeared. Some footnotes
indicating the century in which the system was invented and broken
might reinforce the point.
--
-William
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2001-02-01
Fingerprint: B6E5 9732 3464 97C8 2B70 A031 6BF6 9E5C 16B5 C4000
Of all the gin joints in all the towns in all the world, she walks into mine.
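
The "one time pad" keyed by an LCG mentioned in the message above, as an added example that is not part of the original post: a toy cipher and a check showing that 12 bytes of guessable plaintext give away the generator's secret multiplier and increment, and with them the rest of the message. The modulus, the packing of four keystream bytes per LCG state, and all function names are assumptions made for this illustration.

```python
# Added illustration (not from the original message): a toy stream cipher
# whose "pad" is an LCG, and why known plaintext defeats it.
M = 2**31 - 1  # prime modulus, assumed public as in textbook LCGs


def lcg_keystream(seed, a, c, nbytes):
    """Keystream: each successive LCG state contributes 4 big-endian bytes."""
    out, s = bytearray(), seed
    while len(out) < nbytes:
        s = (a * s + c) % M
        out += s.to_bytes(4, "big")
    return bytes(out[:nbytes])


def xor(data, key):
    return bytes(d ^ k for d, k in zip(data, key))


def encrypt(plaintext, seed, a, c):
    """XOR the message with the LCG keystream (seed, a, c are the 'key')."""
    return xor(plaintext, lcg_keystream(seed, a, c, len(plaintext)))


def recover_plaintext(ciphertext, known_prefix):
    """Decrypt the whole message given only its first 12 plaintext bytes."""
    if len(known_prefix) < 12 or len(ciphertext) < 12:
        raise ValueError("need 12 bytes of known plaintext and ciphertext")
    ks = xor(ciphertext[:12], known_prefix[:12])   # exposed keystream bytes
    s1, s2, s3 = (int.from_bytes(ks[i:i + 4], "big") for i in (0, 4, 8))
    d = (s2 - s1) % M
    if d == 0:
        raise ValueError("states repeat; a and c cannot be separated")
    # s2 = a*s1 + c and s3 = a*s2 + c  =>  a = (s3 - s2) / (s2 - s1) mod M
    a = (s3 - s2) * pow(d, -1, M) % M
    c = (s2 - a * s1) % M
    # Seeding with s1 reproduces s2, s3, ... i.e. every later keystream byte.
    rest = lcg_keystream(s1, a, c, len(ciphertext) - 4)
    return xor(ciphertext, ks[:4] + rest)


if __name__ == "__main__":
    # Constructed sample message and key values, for demonstration only.
    msg = b"From: alice@example.test\n\nMeet at noon."
    ct = encrypt(msg, seed=20000811, a=48271, c=12345)
    print(recover_plaintext(ct, b"From: alice@"))
```

Nothing about the key is passed to `recover_plaintext`; a predictable header is enough, which is the difference between a pseudorandom keystream of this kind and a true one-time pad.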