Re: Top Secret Crypto 3.70

From: headcrash (headcrash_at_platter.com)
Date: 12/31/04

  • Next message: _Vanguard_: "Re: Safer Way to Use Your Credit Card"
    Date: Fri, 31 Dec 2004 00:27:34 -0800
    
    

    On Fri, 31 Dec 2004 08:56:21 +0800, "MacGregor K. Phillips"
    <mkp@topsecretcrypto.com> wrote:

    >"oversight" <tapkamer@chello.nl> wrote in message
    >news:lBzAd.48468$Lv.20500@amsnews02.chello.com...
    >>
    >> goto GnuPG !
    >>
    >> ;) C 3.70 is a bit more than it seems...
    >>
    >
    >Please explain what you mean by "is a bit more than it seems...". Sounds
    >very conspiratorial to me. I am very interested to hear your response. After
    >all, I am the one that wrote the program and the source code is there for
    >anyone to take a look at and compile themselves.
    >
    >Sincerely,
    >MacGregor K. Phillips
    >TAN$TAAFL Software Company
    >http://www.topsecretcrypto.com
    >mkp@topsecretcrypto.com
    >

    I can help with that. It's easy when you have this kind of BS on your
    site to describe the product in jingoistic, non-proven terms:

    This paragraph was taken verbatin from your website

    "Top Secret Crypto Gold's strength rests on three basic concepts:
    (1) a true source of random bits which is provided by the program
    (2) a very large key space for the pseudo random number generators
    (3) a simple, but elegant, encryption formula. We call this The
    Black-Hole Encryption System. Like a black hole in which nothing can
    escape from, not even light, data encrypted using our system cannot be
    decrypted and extracted without the correct key."

    OK, let's start with number 1: Bullsh*t - there is not a true random
    source of bits on a deterministic-by-nature PC. Anyone who claims
    differently is a snake oil salesman

    Now on to number 2: Bullsh*t - very large keyspace for the pseudo
    random number generators? What kind of double-speak is that? And
    don't explain what keyspace means as everyone already knows it. A
    well-crafted cipher only needs 128-bits of security. Meritless claims
    of a zillion bits of keyspace are worthless, and the fodder of snake
    oil peddlers.

    Hey, we're already at number 3: Bullsh*t - I don't even know where to
    begin in this one, it stinks so much. Black-Hole Encryption System?
    WTF is that supposed to mean? How about your competitor's
    Supermassive Black Hole Encryption System? As everyone (with a bit of
    astro-physics) knows, supermassive black holes have the mass of over a
    billion black holes. Suppermassive black holes eat regular black
    holes. How puny your system looks now. Their system is over a
    billion times better and stronger than yours. Whatever.

    And the decription of "simple but elegant". Simple - possibly.
    Elegant - extremely highly unlikely. Everyone before you that has
    spewed the kind gobbledegook that can be found on your website
    describing your nimrod encryption product has turned out to have a
    most inelegant product.

    The obvious point here is that anyone who foregoes using an
    established algorithm like AES or 3DES or Blowfish or Twofish that are
    available FOR FREE in many reputable products like GNUPG in order to
    pay actual money for an unproven and most likely insecure product like
    yours is <explitive deleted> insane.

    There is so much garb to go over I must post another quote from your
    site that actually touts this as a feature:

    "A 39-bit timestamp means the program will be valid for 17,000+ years"

    This is *so* lame and I'm laughing so hard, its hard to write.
    Hmmmm... 17,000 years... gee... I don't know, man... couldn't you
    have made it valid for 100,000 years?

    NO! You couldn't. Its not even valid now. Tommorow, next week, a
    couple of months from now NO ONE'S GOING TO CARE! Not even the phony
    posts coming from you going "Gee hey everybody in sci.crypt, have you
    heard of this <explitive deleted piece of cr*p> software package
    called <explitive deleted nobody cares>? I just read about it and it
    looks really neat. Should I use it?"

    So, in closing, I think that when he said:

    ;) C 3.70 is a bit more than it seems...

    He was being much nicer than I'm being, but the nessage was the same,
    which is your product is a bigger bag of snake oil than all get out.

    Again, the better product to use would be GNUPG

    www.GNUPG.com

    Free

    Known-good algorithms designed by some of the best in the non-black
    crypto-world.

    Compatible with PGP

    Open, well-tested source

    The implementation of GNUPG has been recommended by many of the top
    crypto people. They've looked at its model closely and see that it is
    correctly designed and uses proper security techniques.

    And GNUPG doesn't use the snake oil terms "true one time pad" or "true
    source of random bits" or "Black Hole" anywhere in their website or
    documentation.

    I can explain it even further for you if this was not sufficient.


  • Next message: _Vanguard_: "Re: Safer Way to Use Your Credit Card"

    Relevant Pages

    • Re: Top Secret Crypto 3.70
      ... Black-Hole Encryption System. ... Supermassive Black Hole Encryption System? ... available FOR FREE in many reputable products like GNUPG in order to ... which is your product is a bigger bag of snake oil than all get out. ...
      (linux.redhat)
    • Re: Top Secret Crypto 3.70
      ... Black-Hole Encryption System. ... Supermassive Black Hole Encryption System? ... available FOR FREE in many reputable products like GNUPG in order to ... which is your product is a bigger bag of snake oil than all get out. ...
      (sci.crypt)
    • Re: How do you determine?
      ... Hash: SHA1 ... | I have tried many encoders. ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
      (sci.crypt)