On Today, dmolnar wrote:
[Hi, David!]
> On Thu, 10 Aug 2000, Michael Paul Johnson wrote:
> > What would you like to see covered in a practical book on
> > cryptography for programmers?
[snip]
> Especially examples of tempting, but wrong, things to do.
Perhaps this is a pet peeve of mine...
In the tempting-but-wrong category, one could include samples of the
insecure systems that result when programmers with no cryptanalysis
background create their own cryptographic algorithms. The newsgroup
sci.crypt is rife with examples; look for authors who only posted a
few times. The last such system I remember seeing was a reinvention
of the Vigenère cipher; before that, I seem to recall an autokey
system; somewhat earlier a "one time pad" with a pseudorandom number
generator (an LCG or LFSR, I think) appeared. Some footnotes
indicating the century in which the system was invented and broken
might reinforce the point.
--
-William
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2001-02-01
Fingerprint: B6E5 9732 3464 97C8 2B70 A031 6BF6 9E5C 16B5 C4000
Of all the gin joints in all the towns in all the world, she walks into mine.
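
An added example, not part of the original post, of why the "one time pad" driven by an LCG mentioned above is not a one-time pad: a guessable plaintext header exposes pad bytes, and the generator's small state then determines the rest of the pad. The LCG constants, the top-byte output rule, the seed and the message are all constructed assumptions for this illustration.

```python
# Added illustration (not from the original post): an XOR "pad" fed by an LCG.
# The constants and the top-byte output rule are assumptions for this example.
A, C, M = 1140671485, 12820163, 1 << 24

def step(state):
    """Advance the 24-bit LCG by one step."""
    return (A * state + C) % M

def xor_pad(seed, data):
    """Encrypt or decrypt: XOR each byte with the top 8 bits of the next state."""
    state, out = seed % M, bytearray()
    for byte in data:
        state = step(state)
        out.append(byte ^ (state >> 16))
    return bytes(out)

def consistent_states(ciphertext, known_prefix):
    """Return every first LCG state that reproduces the pad bytes exposed
    by a known plaintext prefix (pad = ciphertext XOR plaintext)."""
    pad = [c ^ p for c, p in zip(ciphertext, known_prefix)]
    hits = []
    for low in range(1 << 16):          # the 16 hidden low bits of the first state
        first = state = (pad[0] << 16) | low
        for expected in pad[1:]:
            state = step(state)
            if state >> 16 != expected:
                break
        else:                           # every exposed pad byte matched
            hits.append(first)
    return hits

def read_with_state(first_state, ciphertext):
    """Decrypt the whole message starting from a recovered first state."""
    state, out = first_state, bytearray()
    for byte in ciphertext:
        out.append(byte ^ (state >> 16))
        state = step(state)
    return bytes(out)

# Constructed sample: the seed is the secret "key"; the header is guessable.
SEED = 0x5EED42
MESSAGE = b"Subject: quarterly numbers\n\nRevenue is up 4% on last year."
CIPHERTEXT = xor_pad(SEED, MESSAGE)
KNOWN = b"Subject: "

if __name__ == "__main__":
    for s in consistent_states(CIPHERTEXT, KNOWN):
        print(hex(s), read_with_state(s, CIPHERTEXT))
```

A true one-time pad has no short state to recover; the pad here is only as unpredictable as the generator's 24-bit state, which nine known characters pin down.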