Writing your own encryption algorithm? Duh!!

Feb 11 2009

One of my friends was talking to me:

Hey you see that guy? He is a very good programmer and he knows a lot of stuff.

I asked him whether he knew anything about this encryption algorithm. He told me that he knows a lot about encryption algorithms. In fact he writes his own encryption algorithms. He told me that it is always better to write your own algorithms.

Yeah.

Now I know how knowledgeable he is.

I have a small request to make to all of the self-proclaimed cryptographic experts out there:

Cryptography is hard. It is hard because there are always smarter people out there who can break your home-made super-duper encryption algorithm. If you are so confident in your abilities, use your own encryption algorithms in your own applications. Please don’t give it to the public. If you are sharing your application with us, specify that you are using your own encryption algorithm so that we’ll understand how awesome you are and how awesome your products will be (and probably avoid using your awful application).

I know what you will be thinking right now:

But, nobody ever cracked my encryption algorithm!

That is because nobody cares. People have their own work to do rather than trying to crack your pet algorithm. If you really want to test the strength of your algorithm, try announcing a million dollar prize for the guy who breaks it.

And please don’t spread messages like “it is always better to write our own algorithms” among us mortals. Maybe you can do good security on your own; we can’t.

96 responses so far

  • Mahedev says:

    Is it possible to create an algorithm based on matrix multiplication? I study mathematics and feel that this is a secure way of encrypting data. The idea is to keep the decryption key separated from the data and stored remotely, e.g., a flash drive.

    I have very little knowledge of computer systems and coding.

  • I’m not that much of an online reader to be honest but your site’s really nice, keep it up! I’ll go ahead and bookmark your website to come back later on. All the best

  • […] got their first" sour grapes complaint. There's a principle in computer security that you don't invent your own crypto. Which is exactly what Keybase is doing. They're using GnuPG under the hood, […]
