Encryption seems to be hot topic at the moment and I could do with some advice on my own algorithm (but I'm not looking for someone to debug my code).

Below you will find a link to my random number generator C++ class. The random number generator algorithm is a good one -- I developed it from a standard algorithm (references are supplied in the download) and have tested it substantially. I thought that this would make the basis for a good symmetic encryption algorithm, therefore I extended the internal seed used by the algorithm from 32 bits to 64 bits (using the __int64 type), and added encrypt and decrypt data methods. After doing a little research recently, I now know that what I have is often referred to as a 'Symmetric Stream Cipher'.

www.alpha-india5.com/download/randomal64.zip

Notes:

Download size : 11KB

Randomal64.cpp/h are writted in standard C++ (but use the extended __int64 type)

Source for a demo program is included, but this is Borland C++ Builder

Instructions are included & the source is free of copyright (see readme.txt)

I'd really like to use my algorithm in a commercial product and publish the source widely, but I'm skeptical about it's security. Here's my question:

My encryption algorithm would seem to be very good -- it's very simple and very quick. And (on the surface) would appear to be very secure. In fact it's so simple, it should have been obvious along time ago. So why isn't there a well known algorithm similiar to mine in use already? From what I've gathered, Stream Ciphers are really used, instead most symmetric encryption algorithms are known as 'block ciphers' and are more complicated.

So what's wrong with my algorithm? Is it the case that stream ciphers are susceptible to an analytical attack? My only inclination goes along the lines of:

1. Pseudo random number generators are deterministic (hence not truely random). I know for a fact that it is possible by analysis to distinguish between a sequence of truely random numbers (say generated by physical effects) and those generated by a deterministic algorithm.

2. Therefore, given some clues as to what the encrypted data contains, it may be possible to analytically predict the behaviour of my algorithm, without knowledge of the internal key 64 bit key value. Hence, hack the data.

But I don't know. Can anyone shed any light on this?

Davros