I really spent a lot of time and great efforts in the development of these algorithms.
I'm not saying you didn't, and I'm not saying your algorithm is bad, or that Rijndael is the best algorithm. What I am saying is that a new algorithm shouldn't be trusted until it has been through rigorous testing by a lot of people.
It seems that you trust too much in open source. Open source is a good thing to show others how to do special solutions or to create free programs for others. In such things like encryption I personally don't trust very much in the security of open encryption algorithms that everybody can access and analyse.
Forum regulars will know that I'm not an open-source zealot. But for something as critical as encryption, there's no way I'd ever use a closed-source algorithm - security through obscurity never worked. Without peer review, the only guarantee I have that your algorithm is good is your words. Try seeing things outside your own perspective - would you trust business- or life-critical data to a random guy?
(Please keep in mind that I'm not saying you're untrustworthy or anything silly like that, but I don't have any particular reason to trust you either)
The "open" that is in most cases a good thing is in this case a weak point.
Why? If it's open, multiple people can look for flaws in the algorithm. Of course this doesn't to most people, as it takes a lot of math background to do cryptanalysis, but keeping it closed gets you zero
Additionally, I perhaps want to make a commercial product out of Cryptonizer with some other new features I don't want to reveal now and these are the reasons why I don't want to spread the source everywhere.
You can make a commercial product even if the algorithm is open - there's a lot more to systems using encryption than just the algorithm used. I'd personally never use a product using a proprietary algorithm though, and I'd advise everybody against doing so, too.
Some time ago people thought DES or AES128 would be secure like you do now for AES that seems not to be very secure to me as your guru Bruce Schneier wrote.
That sounded slightly patronizing... if I was a Schneier I'd probably have been running around in circles promoting Twofish, don't you think? I do believe he often has some very sensible things to say, though.
I become a little bit sceptical when I see that NIST and the NSA want everybody to use AES for public encryption. Would they really want you all to use an encryption they cannot decrypt without big efforts? Organisations that insist and live from controlling, information gathering and knowing everything about everybody don't seem to be a trustful source for hints and tips.
Ah, don't we love a good conspiracy theory?
Rijndael might have been chosen for backdoors, but I kinda doubt it - part of the focus for choosing an AES algorithm was decent software performance and efficient hardware implementation. Remember that the idea behind AES was finding a standard algorithm that would be widely deployed - and that the process started back in 1997, where processing power was a lot more limited than it is today. While I do believe in being skeptical and find conspiracy theories amusing, I don't believe the NSA is able to break, for instance, 256-bit Rijndael.
As for Echelon... heh. Yes, there's a lot of filtering, data collection and cross referencing going on, and it's scary what kind of information can be pieced together (especially in the .us) - and several countries do run Carnivore software at the ISPs' border gateways. But the system is still nowhere near what the media scare claimed, and realtime bruteforcing of all encrypted traffic? Riiiiiight.
Thank you for your words not to totally shut the eyes for new developments. With such an attitude I would never take a close look to other programs like FARR, fSekrit or other cool things you can find here or anywhere else.
I'm not shutting my eyes for new development - again, I'm only saying that
1) new algorithms shouldn't be trusted until they've been thoroughly tested
2) you shouldn't trust closed-source algorithms
I posted the code to other programmers that also said to me this could be a too simple way of encryption. After taking a look on it they admitted it's impossible for them to say something about its safety but the principle should work.
Not everybody who's a programmer is a cryptanalyst...