Re: Top Secret Crypto 3.70
From: headcrash (headcrash_at_platter.com)
Date: Fri, 31 Dec 2004 00:27:34 -0800
On Fri, 31 Dec 2004 08:56:21 +0800, "MacGregor K. Phillips"
>"oversight" <firstname.lastname@example.org> wrote in message
>> goto GnuPG !
>> ;) C 3.70 is a bit more than it seems...
>Please explain what you mean by "is a bit more than it seems...". Sounds
>very conspiratorial to me. I am very interested to hear your response. After
>all, I am the one that wrote the program and the source code is there for
>anyone to take a look at and compile themselves.
>MacGregor K. Phillips
>TAN$TAAFL Software Company
I can help with that. It's easy when you have this kind of BS on your
site to describe the product in jingoistic, non-proven terms:
This paragraph was taken verbatim from your website:
"Top Secret Crypto Gold's strength rests on three basic concepts:
(1) a true source of random bits which is provided by the program
(2) a very large key space for the pseudo random number generators
(3) a simple, but elegant, encryption formula. We call this The
Black-Hole Encryption System. Like a black hole in which nothing can
escape from, not even light, data encrypted using our system cannot be
decrypted and extracted without the correct key."
OK, let's start with number 1: Bullsh*t - there is not a true random
source of bits on a deterministic-by-nature PC. Anyone who claims
differently is a snake oil salesman.
Now on to number 2: Bullsh*t - very large keyspace for the pseudo
random number generators? What kind of double-speak is that? And
don't explain what keyspace means as everyone already knows it. A
well-crafted cipher only needs 128-bits of security. Meritless claims
of a zillion bits of keyspace are worthless, and the fodder of snake
Hey, we're already at number 3: Bullsh*t - I don't even know where to
begin in this one, it stinks so much. Black-Hole Encryption System?
WTF is that supposed to mean? How about your competitor's
Supermassive Black Hole Encryption System? As everyone (with a bit of
astro-physics) knows, supermassive black holes have the mass of over a
billion black holes. Supermassive black holes eat regular black
holes. How puny your system looks now. Their system is over a
billion times better and stronger than yours. Whatever.
And the description of "simple but elegant". Simple - possibly.
Elegant - extremely highly unlikely. Everyone before you that has
spewed the kind of gobbledegook that can be found on your website
describing your nimrod encryption product has turned out to have a
most inelegant product.
The obvious point here is that anyone who foregoes using an
established algorithm like AES or 3DES or Blowfish or Twofish that are
available FOR FREE in many reputable products like GNUPG in order to
pay actual money for an unproven and most likely insecure product like
yours is <expletive deleted> insane.
There is so much garb to go over I must post another quote from your
site that actually touts this as a feature:
"A 39-bit timestamp means the program will be valid for 17,000+ years"
This is *so* lame and I'm laughing so hard, it's hard to write.
Hmmmm... 17,000 years... gee... I don't know, man... couldn't you
have made it valid for 100,000 years?
NO! You couldn't. It's not even valid now. Tomorrow, next week, a
couple of months from now NO ONE'S GOING TO CARE! Not even the phony
posts coming from you going "Gee hey everybody in sci.crypt, have you
heard of this <expletive deleted piece of cr*p> software package
called <expletive deleted nobody cares>? I just read about it and it
looks really neat. Should I use it?"
So, in closing, I think that when he said:
;) C 3.70 is a bit more than it seems...
He was being much nicer than I'm being, but the message was the same,
which is your product is a bigger bag of snake oil than all get out.
Again, the better product to use would be GNUPG
Known-good algorithms designed by some of the best in the non-black
Compatible with PGP
Open, well-tested source
The implementation of GNUPG has been recommended by many of the top
crypto people. They've looked at its model closely and see that it is
correctly designed and uses proper security techniques.
And GNUPG doesn't use the snake oil terms "true one time pad" or "true
source of random bits" or "Black Hole" anywhere in their website or
I can explain it even further for you if this was not sufficient.