[Cryptography] TEXTCOMBINE-REV, A software for combining text files to obtain high-quality pseudo-randomness in practice (replacing an earlier retracted software)

mok-kong shen mok-kong.shen at t-online.de
Sun Sep 3 08:35:38 EDT 2017


On 02.09.2017 at 15:17, Michael Kjörling wrote:
> On 1 Sep 2017 22:05 +0200, from mok-kong.shen at t-online.de (mok-kong shen):
>>> https://tools.ietf.org/html/rfc4086#section-6.1.2
>> In security, actually in all issues of discussions (not to say
>> politics etc.), one could take different standpoints. But one should
>> also consider IMHO the "reality" in the different scenarios. Here in
>> security I suppose one should take into account the nature of the
>> particular applications, the quantity/quality/value of information
>> and the users concerned,
> On the other hand, why should we knowingly give users _less_ than the
> best we can reasonably achieve within the relevant engineering
> constraints?
>
> It's hardly a valid argument to say that "this class of users don't
> expect any significant security, so let's use MD5/DES/RC4/whatever
> instead of an algorithm believed to be secure". A valid argument can
> _possibly_ be made that the restrictions imposed e.g. by the hardware
> _requires_ the use of less computationally intensive algorithms
> (which, in turn, does not necessarily imply that those algorithms are
> less secure; only that they have different properties), but your
> proposal, to me, does not appear to fall into such a category.
>
> Maybe you've posted that before, and I've missed it, but: What use
> case does your idea target which is not covered by some other,
> existing, well-studied algorithm for deriving unpredictable data?
>
I was writing something about my personal viewpoints of security needed
in practice. If you consider that bad/unjustified, forget what was
written there in the present context.

On the other hand, note that my software is "indeed" offering the best
to the users. The result from the ENT test of the example run is
excellent, isn't it? (Other schemes certainly may achieve that as well,
but that isn't the point here.)

To your last paragraph, I have written in the Prologue of the software
that it is a [viable] alternative. I am claiming no more, nor less.

M. K. Shen

