Hey all, On Wed, 2 Apr 2025 at 11:50, Andrew Gallagher via Gnupg-users < gnupg-users@gnupg.org> wrote:
> Hi, Ben. > > On 1 Apr 2025, at 14:11, Gordian Crypt via Gnupg-users < > gnupg-users@gnupg.org> wrote: > > > I am writing to introduce myself and share details about a new encryption > algorithm I have developed—GordianCrypt. With over 10 years of experience > in security and networking, I have dedicated my career to advancing > encryption technologies. This algorithm is the culmination of that work, > and I am eager to receive insights and feedback from experts like you. > > > GordianCrypt is designed to provide robust security through an innovative > approach to public key encryption. I invite you to visit the demo website at > www.gordiancrypt.com, where you can review the white paper and > experiment with the encryption and decryption processes firsthand. > > > Without a copy of the code, we are not doing anything firsthand, it’s just > a web form with unclear properties. It could be doing anything in the back > end for all an external observer can know. And your white paper contains no > technical info; it reads as a press release. If you want meaningful > feedback, you need to publish your algorithm - in excruciating detail. > > What little I can glean from your website is concerning, for example when > you sum the bit lengths of each of your ten (!) layers - this merely > provides an upper bound on the cryptographic strength, which could be > orders of magnitude lower (or even zero) depending on the implementation > details. In general, superimposing multiple layers of algorithms with > smaller individual key spaces does not compare to using a single algorithm > with a larger key space, and these layers may interact in non-trivial ways > - see 3DES for a real world example of how such a construction can fail. > > You claim that your algorithm is quantum-safe, but provide no security > proof. You also claim that it is “unbreakable by AI”, which is a trivial > property since AI can’t even break the weakest known ciphers. It is not > clear that you have any experience in cryptanalysis or algorithm design - > might I humbly suggest that you start with something a little less > ambitious? > > In short, there is nothing here (yet) to review. > > Thanks, > Andrew. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > https://lists.gnupg.org/mailman/listinfo/gnupg-use > <https://lists.gnupg.org/mailman/listinfo/gnupg-users>rs I really hope this message was just an April Fools joke, since if you really want us to audit what you made, technical details of the algorithms need to be public. I also noticed this was only sent to the GnuPG mailing list. Do you have anything to support your backing like academic affiliation or a company? Deciding to launch a cryptography product without proper peer review is just plain irresponsible. Have a good one, Anze > >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
