I've taught folks to use this cipher, then showed them Crowley's analysis. It's a good exercise that provides a taste of the sort of cryptanalysis found in real-world ciphers and other cryptographic primitives. It's much more difficult for folks without the background to understand reduced round attacks in AES -- since that does require some understanding of key scheduling in the cipher -- but after physically manipulating those cards, then doing some statistical reasoning to reproduce the results of this paper, it's relatively easy to visualize some of these weaknesses.
That's definitely a good primer for getting folks to think carefully when choosing and using cryptographic primitives when designing protocols. That can be a subtly difficult challenge.