Tom St Denis is the author of this, Secure Science is sponsoring the project and further endeavors of the project. Secure Science does not claim ownership to the paper, but invests in the interest of the author.
The username is a joke about finding flaws;) I believe you are preaching to the choir, as this has been our intent. Introduce the cipher, get a formal review process started and a worthwhile challenge.
If you read the slashdot post, it is a casual preview, with intent to offer a challenge. We will be seeking formal professional review, coupled with a public challenge backed by monetary compensation.
I don't disagree with that point, and we are seeking review. But at this point, we are simply introducing the cipher to the public for comments and reviews of a casual nature.
Well, I hope to receive your comments on the actual algorithm then. You think quite highly of yourself, and at this time you have no ground to stand on. We believe it is comparably secure by design, and we offer the challenge to be proved wrong. Our confidence in the cipher itself seems to be the only problem you seem to have with this. You can think what you want, but we have had "professionals" take a look and actually tell us that this is definitely not snake-oil. So you're the only one in support of your argument. I suggest you keep hating, that's what you're good at.
Ok, so far he has gone farther then the hater involved in his comments. Calling anything snake-oil without actually understanding or reading the material is quite flagrantly absurd. Any well-read cryptographer will understand this paper and continue to take it seriously. You obviously don't, in an attempt to hide your lack of knowledge.
Slashdot is one heck of a way to get this out there. We don't expect it to solve anything over night. We have stated our case by issuing the paper and expect review.
The FIPS-186 requires sha-1 seed for k, I was referring to that. You're right, it's not a pre-image collision, but it still is a blow to standards as we speak.
Snake Oil is disguised crypto - this is open source crypto proposal. There is no snake-oil intended, since you're looking at all the math and its functions. Snake oil is when you're trying to sell something. You don't understand this paper, so you don't know what you're talking about. But crypto experts will disagree with your position.
may I also demonstrate that Schneier awarded $10,000 to a team of crypto experts that broke a part some of the twofish cipher during NIST competition.
http://www.schneier.com/twofish-contest.html
1) No - it is open source and technically public domain.
2) That is what we are attempting now - the preview is to get it lined up with crypto experts to review.
3) If it gets past 2, then that is something to consider.
Eh, wrong: Most 8xx numbers use ANI as a secondary process, not as a primary. If caller-id is blocked, yes it reverts to verifying with ANI, otherwise it trusts Caller-ID. 3 systems alone I can point out that do this. Ureach.com, Callwave.com and Buzzme.com - and of course, most credit card agencies do this too.
Slashdot Mirror
Tom St Denis is the author of this, Secure Science is sponsoring the project and further endeavors of the project. Secure Science does not claim ownership to the paper, but invests in the interest of the author.
The gimme-a-break was a joke comment - the original claim is that Schneier said that it wasn't snake oil.
ctr/gcm/ccm/eax can encrypt/decrypt without a "decrypt" mode of the cipher.
SSC refuses VC capital for many reasons, including reasons such as this. Our focus is actually on security, not "security through marketing".
There are no plans to patent these ciphers. They are for public consumption.
The username is a joke about finding flaws ;) I believe you are preaching to the choir, as this has been our intent. Introduce the cipher, get a formal review process started and a worthwhile challenge.
If you read the slashdot post, it is a casual preview, with intent to offer a challenge. We will be seeking formal professional review, coupled with a public challenge backed by monetary compensation. I don't disagree with that point, and we are seeking review. But at this point, we are simply introducing the cipher to the public for comments and reviews of a casual nature.
Technically Public domain = paper is public domain, code is not.
Well, I hope to receive your comments on the actual algorithm then. You think quite highly of yourself, and at this time you have no ground to stand on. We believe it is comparably secure by design, and we offer the challenge to be proved wrong. Our confidence in the cipher itself seems to be the only problem you seem to have with this. You can think what you want, but we have had "professionals" take a look and actually tell us that this is definitely not snake-oil. So you're the only one in support of your argument. I suggest you keep hating, that's what you're good at.
Ok, so far he has gone farther then the hater involved in his comments. Calling anything snake-oil without actually understanding or reading the material is quite flagrantly absurd. Any well-read cryptographer will understand this paper and continue to take it seriously. You obviously don't, in an attempt to hide your lack of knowledge.
Slashdot is one heck of a way to get this out there. We don't expect it to solve anything over night. We have stated our case by issuing the paper and expect review.
He gets payed, he's professional. :) So you've made up your mind that you're a dick and you have no knowledge whatsoever about crypto.
The FIPS-186 requires sha-1 seed for k, I was referring to that. You're right, it's not a pre-image collision, but it still is a blow to standards as we speak.
Source
www.securescience.net/ciphers/csc2/csc2ref.c
Reference Code is available for download.
You need to read the actual doc. Either way, SSC is posting the code up in about 5 minutes.
go to the site and email us, we'll send you the source.
Snake Oil is disguised crypto - this is open source crypto proposal. There is no snake-oil intended, since you're looking at all the math and its functions. Snake oil is when you're trying to sell something. You don't understand this paper, so you don't know what you're talking about. But crypto experts will disagree with your position.
may I also demonstrate that Schneier awarded $10,000 to a team of crypto experts that broke a part some of the twofish cipher during NIST competition. http://www.schneier.com/twofish-contest.html
1) No - it is open source and technically public domain. 2) That is what we are attempting now - the preview is to get it lined up with crypto experts to review. 3) If it gets past 2, then that is something to consider.
Ironically, Secure Science got an email from Schneier, his quote was "Wow. Definitely not Snake-oil."
Eh, wrong: Most 8xx numbers use ANI as a secondary process, not as a primary. If caller-id is blocked, yes it reverts to verifying with ANI, otherwise it trusts Caller-ID. 3 systems alone I can point out that do this. Ureach.com, Callwave.com and Buzzme.com - and of course, most credit card agencies do this too.