Heathfield's intellectual integrity

  • Thread starter Borked Pseudo Mailed
  • Start date


Borked Pseudo Mailed

[was: Comment on thread "Heathfield's errors"]

Are you referring to my "thread" on Usenet? It might've ended up on
some Usenet mirrors. I actually did a whole series of threads on
"Dick Heathfield's book errors", which I've decided to post in a
compilation form sometime this week for convenience purposes. However,
I read only one of Heathfield's chapters and didn't get around to
reading the rest.

The book is a pretty minor flop in Heathfield's coding career. More
hilarious was his CDX-1 encryption algorithm that he posted to
Usenet about a decade ago and still claimed was unbroken in 2004, after
he'd thrown in some S-boxes for CDX-2. Heathfield was unaware that his
buffer bit rotation did jack shit, since it amounted to a simple key
rotation, which in turn, by the associativity of the XOR operator,
degenerated into plain XOR encryption vulnerable to the usual index of
coincidences and frequency analysis. I think it might've been a case of
the emperor's new clothes that nobody else bothered to point that out
(check the history - you won't find anything). When someone who had been
quarrelling with Heathfield on other matters sent Heathfield an email
with a full proof and demonstration and request to be given public credit
on comp.lang.c and on Heathfield's old Web site, Heathfield displayed his
usual lack of intellectual integrity and said that he would be posting
details only when the email sender was "polite and civil" about his
discovery. That didn't stop Heathfield from taking the email sender's
suggestion of S-boxes to "at least make cryptanalysis more involved",
a modification he made in the second version of his encryption

I can't be bothered reconstructing the full details, but it would
start out like this (notice key length of 9):

$ echo -n "dickheath" > key
$ cat plaintext
He may or may not be a troll. It's often hard to tell. But his choice of
subject line is dreadful. I bear him no animosity whatsoever. I don't bear
animosity towards any racist. But there is a difference between not
bearing animosity towards someone on the one hand, and remaining silent
when they exhibit discriminatory attitudes towards particular ethnic
groups. Niemoller, Burke (attrib), and all that.

When we make the mistake of basing our assessment of a person not on that
person's actions, but upon characteristics over which the person has no
control (e.g. ethnicity, gender, whatever), we tread a very dangerous path
indeed. People are, first and foremost, individuals rather than mere group
members, and they should be treated as such.
$ ./cdx plaintext ciphertext key
$ ./indexes2 ciphertext 15
index 1: 3
index 2: 1
index 3: 6
index 4: 7
index 5: 2
index 6: 2
index 7: 3
index 8: 6
index 9: 27
index 10: 0
index 11: 2
index 12: 3
index 13: 3
index 14: 2
index 15: 3

Thus the key length is exposed and any amateur cryptographer
knows what to do next.

Han from China


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question