MSc from Bangkok

[ciphergoth]

I got mail the other day, forwarded by my former boss Ruedi, from a Thai MSc student looking for someone to review their thesis. I said "I might not be the expert you're looking for, but send it anyway". I got it this morning.

I basically can't find anything good to say about any of the original work. It's clear they've read descriptions of two or three block ciphers and decided to concoct their own without understanding why the ciphers are built that way; the resulting cipher is no more secure than XOR.

They claim it's been accepted at a couple of conferences, which is either just false or these conferences didn't get anyone even vaguely familiar with the field to look at it first.

So, what should I do with it? Send a quick critique just to them? I've asked them for their thesis advisor's email address directly, so I can get some unbiased advice...

Comments

[babysimon]

You have to tell them it's bad. It's not a nice thing to have to do but they may have time to save it if you do it now.

Incidentally, when I was doing my MSc thesis, I looked at previous ones and about 50% were complete wastes of time, so he's not alone.

[djm4]

Sounds like you're exactly the expert they're looking for. Tell them the resulting cypher is no more secure than XOR, and explain why. If possible, point them at a few references that might be useful for them to understand and help them not to make this mistake again in the future.

[lovingboth]

I agree with the first two sentences, but not the last. If they really are up to the qualification, they can do their own research. If they're not, then why do their work for them?

[wechsler.livejournal.com]

It's one of those cases where you can practice being unfailingly polite and selectively destructive at the same time.

Much like writing "kindly don't run me over" letters to Stagecoach.