Re: crypto for Joseph Ashwood?

From: \ (jonez_at_norcom.ca)
Date: 06/14/05 

Date: Mon, 13 Jun 2005 21:06:27 -0600

Joseph Ashwood wrote:
> [CC added to REHjr the author os CryptoSMS]
> [Note to REHjr: The tone of this is not meant personally, but claims
> were made that need to be forcefully refuted in order to discourage
> use of extremely inferior products]
>
> " "- Prof. Jonez©"" <jonez@norcom.ca> wrote in message
> news:u5ore.62$j85.3751@news.uswest.net...
> > > Preference is to use SMS, so my question is,
> > > does anybody know about CryptoSMS, and is
> > > it strong enough to confuse the puzzle palace?
> >
> > I've heard it's impenetrable, even the CIA/NSA can't
> > get through it. IIRC there is a standing $10,000.00 challenge
> > to anyone who can break it, and the program is still
> > FreeWare.
>
> The designers of CryptoSMS are morons.

Do tell ...

>
> Lets just begin at the most grievous of errors. "3DES [uses] 384 key
> bits" (http://www.cryptosms.com/protect.html, editted for clarity)
> 3DES uses either 112 or 168 bits of key. This immediately qualifies
> them for moron status.

So your reading comprehension is somewhat less than your claimed
crypto expertise, eh Einstein?
How much of a moron must you be to not know the difference between
3DES and 3DEA?

> Next one "ARC4 [has] resist[ed] cryptanalysis." Check again, ARC4 is
> actually short for Alleged RC4, and has been attacked any number of
> times whether it is the WEP attacks which relied on a broken way to
> use RC4, or the bias attacks that are crippling ARC4 has not
> withstood cryptanalysis very well at all.

And if one provides a nonce, is it still a dunce?

>
> Perhaps their most grievous errors are errors of omission. The key
> management is lax at best and based on the available information it
> appears to use fixed keys between any fixed group of parties. Not a
> very intelligent, or secure thing to do.

So how intelliegent would it be to include bits of the key in every
message?

>
> The entire system lacks a MAC of any form leading to a vast array of
> security holes and showing the designer to be [at best] amateur.
>
> So to answer the question posed (and fictitiously answered) on the
> Crypto SMS website "Does CryptoSMS protect me?" NO, CryptoSMS does
> not protect you except from the most incompetent pathetic attempts
> ever deviced, it will likely stop your wife from reading about your
> mistress, but it will not stop a cryptanalyst, or a hacker, or law
> enforcement, or anyone else with substantial cryptanalytic skill and
> determination. Joe

So a genius like you could easily crack a CryptoSMS message if posted,
or are you more pathetic and incompetent than some jaded housewife ?

Quantcast