Wednesday, April 2, 2008

Snake Oil

After my first release in a long time. Version 2.4.7, a couple of individuals have called semeir as having a large chance of being 'snake oil'. However as much as i dis-agree, i am forced to agree they are correct that i don't have enough statistical data to prove my cipher is 'secure'. However, from my own tests it's working, however i'll let the data speak for itself.

They've also claimed that declaring i'm using a OTP (One Time Pad) or claiming i have one is bad practice and misleading. It's true it's not a true One Time Pad, (working on pencil and paper with a true list of random data) But nothing is truly random anyways. If you consider that a One Time Pad uses a random stream of data for it's security; that's exactly what my OTP functions do, they double as multiple parallel RNG's if you want them that way.

http://lwn.net/Articles/274857/


http://www.geocities.com/rtcvb32/zips/dh.tbz2.zip <- PRNG tests with Diehard, 1Gig

Next bits of data come from this, /apps/misc_tests/otp.c uses a 9 blocksize by default and it's number of returns before a repeat is:

9 - 10,625,324,586,456,701,730,816 Ints (38,654,705,664 -TeraBytes)

I Used a 4Gig random data block; the results are pretty astounding.
1's 17,179,831,574 - 49.999890540493652224540710449219
0's 17,179,906,794 - 50.000109459506347775459289550781
(50% within 1/10000th for being 1:2508.253 the size of the full length)
Currently, it will take a couple years before the code is accepted, and tests proving it's worth using. There are so many advantages in it already, however slower and using more resources than other ciphers, it still does quite well.

However that doesn't stop you from trying it out and using it as a 'Experimental alternative'. If you feel it's not secure enough for you, that's ok.

Era

No comments: