Does rotor follow a cross-language encryption algorithm ?

John Thingstad john.thingstad at chello.no
Mon Nov 26 02:02:45 CET 2001


Lance Ellinghaus said:
>  PKI is great and much
> stronger than the rotor module, but as you stated, it works when you
> need "just enough" encryption.

I strongly disagree with the above statement. To me false security is worse than no security.
To demonstrate my point I wrote a expert system to crack rotor code earlier this year.
True, the job is not a trivial endavor. But a experienced programmer should be able to do this in a month or two.
If I chose to share the code over the net the every script ciddy could use it too.
An average message takes about 10 minutes to decrypt. 
(The code is in python. I run Win98 on a Pention Mmx II 400 with 64 Mb of ram.)
I used Booch crypto analysis spec as a starting point and elaborated.
So what is just enough encryption. If you don't have anything to hide then why encryt it.
My recomendation is to use the Blowfish algorithm for encrypting files.
If you need to send data over the net use RSA or DSA. (DSA being the better choice.)
PyCrypt should take care of this






More information about the Python-list mailing list