• 0

My Encryption Algorithm...


Question

I was unsure what forum to post this in...

I've been working on an encryption algorithm for sometime now which I simply call Cypher. The problem is the max keylength is 131072 bytes (128k). Because of this, I worry that it would be illegal to release this algorithm.

Back in Jan '04, a friend opened up a Sourceforge project for me, located here. Because of the 'legal' issues, I have yet to upload anything to this page. And due to the inactivity, somebody has put in a request to take the project name "Cypher". Details on that can be found here. I'm unsure if I should let them take over the project or not.

I was hoping to find someone here on Neowin who might know a thing or two about this. I need to know if it would be worth the trouble, if there might be some chance that it would be legal for me to upload source files for Cypher.

Please don't bring up issues about security. I personally have no proof that the algorithm is secure, other than my own recognition. I'm sure no one here trusts me, and I don't blame you either. I can assure you this is much more than just some crappy XOR encryption though...

Link to comment
https://www.neowin.net/forum/topic/336243-my-encryption-algorithm/
Share on other sites

8 answers to this question

Recommended Posts

  • 0

IANAL, but in general, it should be OK, because ITAR no longer classifies strong cryptography as arms. Although you said don't mention security... I don't want to be to discouraging, but cipher design should really be left to the experts...

Also, http://www.rsasecurity.com/rsalabs/node.asp?id=2327 has some more notes about this subject.

  • 0

Thanks for the reply zeta.

Quoted from the link:

Today, any cryptographic product is exportable under a license exception (that is, without a license) unless the end-users are foreign governments or embargoed destinations (Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Taleban-controlled areas of Afghanistan as of January 2000).

I'm not sure what they would consider 'exporting' under these laws. For example, if I were to upload code to a server, and a person from one of those areas downloads it, could I get in trouble for that?

  • 0
  xinok said:
Thanks for the reply zeta.

Quoted from the link:

Today, any cryptographic product is exportable under a license exception (that is, without a license) unless the end-users are foreign governments or embargoed destinations (Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Taleban-controlled areas of Afghanistan as of January 2000).

I'm not sure what they would consider 'exporting' under these laws. For example, if I were to upload code to a server, and a person from one of those areas downloads it, could I get in trouble for that?

586114988[/snapback]

put a licence agrement on it, basically saying do not use if you are in these countrys

  • 0

I *think* it's safe to export source code, but it was illegal to export actual strong encryption software. Now these rules are changed to the ones mentioned above.

This trick was used by PGP to circumvent the export restriction. The code was exported, compiled in another country but the US and the imported in binary form. This way it was legal.

So I think it's perfectly safe to upload your sources to sourceforge. (but don't hold me liable if this is not 100 percent accurate)

  • 0
  MurrayF1 said:
put a licence agrement on it, basically saying do not use if you are in these countrys

586115012[/snapback]

Sounds good :)

For now, I'm going to reclaim my Cypher project on Sourceforge. Then I should probably find somebody to write a license agreement for me, as I'm sure I would mess it up :blink:

I'm still gonna hold back on releasing source code until I'm absolutely sure its safe, but hopefully I'll be able to do so soon enough.

  • 0
  code_monkey said:
http://www.crypto.com/exports/ - Send the email and you should be fine.

586115204[/snapback]

Thanks a lot for that link. So just to be sure, I simply send an email with a URL to where the source code will be available? And should I wait for a reply in my email or anything before uploading the code?
  • 0
  xinok said:
Thanks a lot for that link. So just to be sure, I simply send an email with a URL to where the source code will be available? And should I wait for a reply in my email or anything before uploading the code?

586115329[/snapback]

I've fairly certain that its just notification, you don't need a confirmation.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Missing the Streets of Rage 2 Classic, the link provided its for Streets of Rage Classic both are free
    • Mastodon updates terms of service to ban AI model training on user data by David Uzondu Mastodon has updated its terms of service to explicitly prohibit scraping its platform to train artificial intelligence models. The new rules, which kick in on July 1, make it perfectly clear that using automated tools to slurp up user data from its main server, Mastodon.social, for LLM training is a big no-no. Neowin received a copy of an email sent to users, notifying them of the change, which introduces new language prohibiting the "scraping of user data for unauthorized purposes, e.g., archival or large language model (LLM) training." Here's a snippet from the updated terms of service: This policy change comes at a time when users are getting increasingly ###### off about their public posts becoming free fuel for the AI gold rush. In fact, this is probably good news for the same crowd over on Bluesky that freaked out after a massive, user-traceable dataset of their public posts was compiled and uploaded for AI research. AI bot scraping has become a huge problem for everyone from giants like Reddit, which is now suing Anthropic, makers of Claude, for training on its posts without a license, to even Neowin readers, like Gerowen, who noted how a swarm of bots, including one Claudebot (you don't say!), hammered his personal server with over 700,000 requests in 24 hours, putting a huge strain on his "home NAS running on an old PC tower in the back woods of Kentucky." It is important to remember that Mastodon is a federated network. These new terms apply specifically to the Mastodon.social server, which is operated directly by Mastodon gGmbH. This means that while users on the main instance are now protected, those on other independent servers in the "fediverse" will only get the same protection if their instance administrators adopt similar terms. The company is globally enforcing a new minimum age requirement of 16 for all users, raising it from the previous limit of 13.
    • Keep in mind that updates for it end on Oct 13, 2026. While this may not matter much for those who don't care about features, it might for fixes, and it certainly would for security.
  • Recent Achievements

    • Explorer
      JaviAl went up a rank
      Explorer
    • Reacting Well
      Cole Multipass earned a badge
      Reacting Well
    • Reacting Well
      JLP earned a badge
      Reacting Well
    • Week One Done
      Rhydderch earned a badge
      Week One Done
    • Experienced
      dismuter went up a rank
      Experienced
  • Popular Contributors

    1. 1
      +primortal
      699
    2. 2
      ATLien_0
      275
    3. 3
      Michael Scrip
      219
    4. 4
      +FloatingFatMan
      190
    5. 5
      Steven P.
      146
  • Tell a friend

    Love Neowin? Tell a friend!