designing/certifying an encryption algorithm

[sometimes I write emails that are pedagogic enough that I like to blog the main points of it for my future quick reference].

Dear [elided],

Designing a crypto algorithm is not easy.  There's a saying in the crypto world: "anyone can create an algorithm that he himself cannot break".  The point is to design it so that no one else can break it.

Which brings us to certifying someone else's algorithm...  Certifying an encryption algorithm is not easy either.  In fact, it is never done by a single individual, but by a large, public, peer review process.  NIST spent more than 3 years from initial proposal to final selection of AES (see http://csrc.nist.gov/archive/aes/index2.html#overview ).

An honest cryptographer or a conscientious security analyst will refuse to design or certify any crypto algorithm on his personal say so.  That's just not the way things work in the crypto world.  If you want to know how many facets there are to actual cryptanalysis, and how much deep mathematics is involved in doing a good job of analysing a cipher, skim through section 6 of http://www.schneier.com/paper-self-study.pdf .  Once that has suitably scared you, read section 7 ("Conclusion", page 15) properly.  It's just 2 paras :-)

A more well known page, for someone wanting to become a cryptographer, is http://www.schneier.com/crypto-gram-9910.html#SoYouWanttobeaCryptographer

And finally, I just love this one: http://www.schneier.com/crypto-gram-9902.html#snakeoil!

Now, I realise that all 3 of my referenced links come from the same guy, but that's Bruce Schneier -- he writes well, and is willing to descend to the level of mere mortals like you and me to say what he needs to say in a way that we can understand it!

To come back to your problem, therefore, I'd be more comfortable trying my damnedest to fit TEA (or XTEA, or XXTEA) into the platform you're constrained to use, than try to design a new algorithm that is smaller than those *and* is secure enough for me (or TCS) to stand behind it.




I am soooo tempted to send this to someone I know...

but he'd probably freak out!

-------- Original Message --------
Lightbulb... Christians
via Comedy Central's Jokes.com: Joke of the Day by Comedy Central on

How many Christians does it take to screw in a lightbulb?

None. The Bible makes no mention of lightbulbs.


that explains most of the religious people I know....

(except one)
/. says

Brain Surgery Linked To Sensation of Spirituality

Apparently if they chop off bits of your brain you become spiritual.  Nice...

[of course the actual article is much more positive.  Brainwashed, no doubt...]


tcs.com was NOT hacked...

[Disclaimer: I'm an employee of TCS, though naturally I'm posting this in my personal capacity]

tcs.com was NOT hacked yesterday.  What did happen was that the DNS records that supply the IP were reset to some other IP.

Whether that was done by actually hacking tracom/netsol or by social engineering a valid change request I do not know.

I know the site was fine because going through the internal DNS got me the correct IP address and the correct content.

I believe the problem started sometime before 1am IST [this is a wild guess, from other symptoms; don't ask!], and was resolved around noon or so [this guess is more accurate because I was semi-actively monitoring it].

In both instances, it would have taken a few hours for the bad data to expire from DNS caches.  Depending on who your DNS provider is, you may have seen it "come back" at different times.  If you were running your own DNS, you could have purged your DNS cache manually and would know more accurately when it came back.