Re: little encryption tool wanted

From: Foo Bar (foobar965_at_hotmail.com)
Date: 03/31/04

  • Next message: Mxsmanic: "Re: Can encrypted data be indexed?" 
    Date: Tue, 30 Mar 2004 22:31:36 GMT

    "S.D. Weijand" <sdw1468@shaw.ca> writes:

    > In article <Yv9ac.87850$dP1.258015@newsc.telia.net>,
    > Foo Bar <foobar965@hotmail.com> wrote:
    >

    <SNIP>

    > > Just one question. You write that all these impressive institutions
    > > "have tested the technology, verified the claims, and reported their
    > > findings", but what claims have they verified? Not the one that
    > > Whitenoise is virtually impossible to crack, surely. I don't think
    > > you'll find any such claims in the report of David Wagner, for example.
    >
    > Did you read the report? It seems extremely positive from my reading.
    > Not the type of report you get from a person of David Wagners reputation
    > for a "snakeoil" product

    Yes I read it. As I remember it (feel free to correct me), it basically
    states that "I tried to apply these techniques and they didn't work"
    with some details into what was tried. I would be surprised if there was
    _any_ claim about Whitenoise being uncrackable.

    Actually, in the executive summary, Wagner writes: "To be sure, this is
    not a guarantee that Whitenoise is secure. It is possible that someone
    else might be able to find some weakness that I overlooked. <...> For
    this reason, it would be premature to deploy Whitenoise in new systems
    at this point."

    An interesting aside is that they choose the part where Wagner describes
    how hard it is to brute force a 1600-bit key as the abstract of his
    report on the front page of the website. Nice! Please remind me, why
    would we want a 1600-bit key?

    > > And when we are done with that, we should look at:
    > > http://eprint.iacr.org/2003/250/
    > > where Hongjun Wu shows that Whitenoise is easily breakable.
    <SNIP google-groups link>
    >
    > If you look at http://eprint.iacr.org/2003/249/ you will see the
    > revision as a result of Hongjun Wu's attack.

    So, their first attempt was cracked 48 hours after it was published but
    this one is "like no other encryption method in the World" and
    "virtually impossible to crack"? We should trust them, right?

    /FB 

    -- 
Foo Bar (foobar965@hotmail.com)
  • Next message: Mxsmanic: "Re: Can encrypted data be indexed?"