[Edu-sig] Re: Cryptonomicon

Kirby Urner pdx4d@teleport.com
Mon, 27 Nov 2000 13:23:03 -0800

```>Anyway, it's much more realistic from an encryption point of view,
>without being much more complicated than a clubhouse algorithm.  Win-win.
>
>--Dethe

RE: SOLITAIRE

I think it's quite a bit more complicated than the clubhouse
algorithm, but highly relevant and useful in any case. I'll
http://www.inetarena.com/~pdx4d/ocn/clubhouse.html as it's
so tied-in the the 'Cryptonomicon' thread.  Thanks for
pointing this out.

It'd be a fun project for a student to verify the Python
implementation of Solitaire against the test vectors provided
(test vectors show, for example, what ciphertext you should
get out, using what key and plaintext as inputs).

As I recall from the novel, the Perl version makes heavy
use of regular expressions.  Probably the Python version
is written the same way (I haven't looked at it yet).
If the tests fail for any reason, then the verification
job could turn into a debugging job.

RE: BLOWFISH

Speaking of complicated, state-of-the-art algorithms, I've
just finished running the test vectors (successfully) for
my pure Python implementation of the Blowfish encryption
algorithm.  I haven't written anything about it yet, but
the code itself is at:

http://www.inetarena.com/~pdx4d/ocn/python/blowfish.html
http://www.inetarena.com/~pdx4d/ocn/python/blowfish.py

(that's a color-coded .html version for readability,
as per my usual practice).

A.M. Kuchling has done the sophisticated implementation
of Blowfish for Python, available via
plus he's sharing lots more algorithms besides Blowfish,
and implementing them for speed, by extending Python's
modules using C.

What I'm doing is helping students learn the algorithm
in a way that assumes familiarity with Python, but
not necessarily with C -- i.e. my implementation is
more for pedagogical purposes than for providing
industrial-grade code for a production environment.
It provides a good excuse to play around with bits
and bytes, which in turn reinforces the groundwork
for a lot of "math through programming" topics.

Blowfish is one of this bit-flipper mix-masters which
churns away at a huge haystack of array values,
initialized by default to the hexadecimal digits of
PI.  Your pin (which can be from 32 to 448 bits, in
32-bit increments), gets churned into that haystack
(by way of 521 encryption operations) and effectively
lost (so don't forget it).

This pin-initialized haystack then encyphers your
plaintext in 64-bit blocks, losing it too -- and yet
by simply reversing the 16+ pre-defined encyphering
operations, the plaintext is faithfully recovered
-- provided, of course, said haystack is first
initialized using the same pin.

Kirby

```