Re: Top Secret Crypto 3.70

From: Johan Wevers (johanw_at_vulcan.xs4all.nl)
Date: 12/31/04

• Next message: BRG: "Re: Help needed for a sorting code in the literature"
• Previous message: crazyfly: "crypt question"
• In reply to: headcrash: "Re: Top Secret Crypto 3.70"
• Next in thread: Tom St Denis: "Re: Top Secret Crypto 3.70"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 31 Dec 2004 12:41:42 GMT

headcrash <headcrash@platter.com> wrote:

>OK, let's start with number 1: Bullsh*t - there is not a true random
>source of bits on a deterministic-by-nature PC. Anyone who claims
>differently is a snake oil salesman

I disagree. You can solve it the way pgp 2 handled it - use user keystrokes
as a source for random, or the way GnuPG handles it - use /dev/random, which
gets input from user interaction and system responses like harddisk activity
on it. Both contain a (probably undeterministic) human factor.

If you insist on more randomness there are special hardware boards that
measure white noise from certain electronic components - truly random.

I agree on the other points: using an unknown encryption algorithm of
untested design is insecure and unwise. Even the most respected
programmers can fail here - does anyone remember Bass-o-matic in pgp 1.0?

>And the decription of "simple but elegant". Simple - possibly.
>Elegant - extremely highly unlikely.

I've seen very few ciphers that I would call simple and elegant. They
usually contain large arrays of carefully chosen sboxes. The most
elegant design I know that is not completely broken (as far as we know
now) is IMO RC5. IDEA would also have some claims on both, although it's
more complicated by design.

>Again, the better product to use would be GNUPG

I certainly agree with that.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw@vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

• Next message: BRG: "Re: Help needed for a sorting code in the literature"
• Previous message: crazyfly: "crypt question"
• In reply to: headcrash: "Re: Top Secret Crypto 3.70"
• Next in thread: Tom St Denis: "Re: Top Secret Crypto 3.70"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Top Secret Crypto 3.70 ... You can solve it the way pgp 2 handled it - use user keystrokes ... untested design is insecure and unwise. ... I've seen very few ciphers that I would call simple and elegant. ... (linux.redhat) Re: Top Secret Crypto 3.70 ... You can solve it the way pgp 2 handled it - use user keystrokes ... untested design is insecure and unwise. ... I've seen very few ciphers that I would call simple and elegant. ... (alt.computer.security) Re: Secure email ... >> This would require an additional PGP-plugin for Outlook. ... Whether S/MIME or PGP is used depends very much on the security policy ... more "elegant" with PGP in general and how you can tell what the "best ... (comp.lang.python) Re: Query for Averageing ... RobinF wrote: ... Table Design: ... Oakland, CA ... PGP for Personal Privacy 5.0 ... (microsoft.public.access.queries)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint