rotor alternative?

Aaron Watters aaron at reportlab.com
Wed Nov 19 19:53:48 EST 2003


Paul Rubin <http://phr.cx@NOSPAM.invalid> wrote in message news:<7xr804w4pe.fsf at ruckus.brouhaha.com>...
> aaron at reportlab.com (Aaron Watters) writes:
>
> I don't want to spend time analyzing the algorithms when there are
> already perfectly good ciphers available and it's better to just stick
> with them.  

Yes, I agree. Thanks for taking the time.

>     1) There is no attempt to provide any randomness in the output...
>     2) What's more, the cipher is a one-character-at-a-time stream cipher
>     so if you encrypt two different plaintexts that begin with a common
>     prefix, it looks to me like the ciphertexts will also have a common
>     prefix, another security failure.
>     3) No authentication is provided....
>     4) It's almost certain that the cipher is vulnerable to
>     related-key attacks...

Since the input is fed into the encryption mechanism adding random
garbage bytes to the input every so often in a predictable manner will
address 1,2,4.  Adding any sort of checksum will address 3.  This is
the kind of criticism I enjoy! Thanks again.

> Being loosely inspired by RC4 is unreassuring on several grounds...

I agree completely with the rest.  -- Aaron Watters
===
The cup holder on my computer is broken.
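The critique points 1 to 3 above, worked through as an added example that is not code from this thread or from the rotor alternative being discussed: a small hash-counter stream cipher (an assumed construction, standing in for the original generator) shows how a nonce-free keystream makes equal plaintexts and shared prefixes visible in the ciphertext, and how a per-message random nonce plus an encrypt-then-MAC HMAC tag addresses those points. The SHA-256 keystream, the HMAC layout and the key and message values are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def keystream(key, nonce, length):
    # Hash-counter keystream, block i = SHA-256(key || nonce || i): an assumed
    # stand-in for the rotor-style generator. The leak shown below holds for any
    # keystream that does not depend on a per-message nonce.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def xor_stream(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def common_prefix_len(a, b):
    return len(os.path.commonprefix([a, b]))

def encrypt_deterministic(key, plaintext):
    # Points 1 and 2: no nonce, so equal plaintexts give equal ciphertexts and a
    # shared plaintext prefix reappears as a shared ciphertext prefix.
    return xor_stream(key, b"", plaintext)

def subkeys(key):
    # Separate keys for encryption and authentication, derived from one user key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def encrypt_authenticated(key, plaintext, nonce=None):
    # Fresh random nonce per message (points 1, 2) plus an HMAC over nonce||ct,
    # i.e. encrypt-then-MAC (point 3). Pass a nonce only for reproducible tests.
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt_authenticated(key, blob):
    # Returns None if the tag does not verify (modified, truncated or wrong key).
    enc_key, mac_key = subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_stream(enc_key, nonce, ct)
```

Point 4 (related keys) is a property of the keystream generator itself and is not covered by this wrapper.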