Re: Axcrypt program
From: splidet (splidet_at_hotmail.com)
Date: 19 Jul 2005 00:58:51 -0700
I am the author of AxCrypt.
Sebastian Gottschalk wrote:
> email@example.com wrote:
> > Sounds good, to me - but I'm not knowledgeable enough to assess how good the
> > implementation is. Does it have any weaknesses known to readers here?
> Because it's partially written in Delphi, the ABI compatibility is bad. You
> can't compile the C++ part without anything else other than Borland C++
> Builder, or it won't work. No, it's not just the calling convention thing.
I think Mr. Gottschalk is thinking of a different program here. AxCrypt
is written in C/C++, and will compile nicely with Visual Studio .NET
2003 so most people with basic Visual Studio skills will be able to
ensure they are using a version derived from the source provided. I'm
sorry that I've not been able to find a free alternative development
environment, but to recompile AxCrypt you'll have to use a commercial
As I'm a latecomer to the discussion, I'll also touch on some points
mentioned later in this thread.
Can you be sure that the executable installer is derived from the
source provided? No, you cannot. Period.
But I *do* certify that that is in fact the case. The installer is
digitally signed by me, for what it's worth. So you can at least be
reasonably sure that if something in fact is wrong with it, you'll know
where to go to complain. And I can be very sure that if you do have a
complaint, it's actually about something that I have released. The
actual executables are in turn digitally signed with an elliptic
curve-based scheme and verified at runtime, thereby reducing the risk
of undetected malicious corruption of the installed executables.
Obviously this does not handle a directed specific attack against
AxCrypt, but a typical virus/trojan infection will be detected.
So please, do check the digital signature and don't install an unsigned
As for the implementation correctness, the actual core cryptographic
primitives are not written by me. I use other public domain
implementations that are independently, and by me personally, verified
to correctly represent AES-128 and SHA-1 respectively.
The real problem of course is whether the pseudo random number
generator is correct, if the entropy collection is good enough and
finally and most importantly - if the application of the cryptographic
primitives are correctly done. Someone did point out that this is where
the most likely spot for weaknesses is, and I agree. For that reason
I've tried to stay away from anything but tried and proven methods and
That's why it's open source, so there's at least a theoretical
possibility to verify it. Please do, if you have the skill and the
means! Also please post your findings, good or bad - with details
explaining why, especially for any potential weaknesses, so I can either
fix it, or provide a rationale if it's a design decision.
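The runtime self-check described above (executables signed with an elliptic-curve scheme and verified at startup so that a virus/trojan modification is detected) as an added illustration; this is not AxCrypt's code, and the image bytes, the P-256/SHA-256 choice and the helper names are my own assumptions:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signImage: release-time step, sign the SHA-256 digest of the image.
func signImage(priv *ecdsa.PrivateKey, image []byte) ([]byte, error) {
	digest := sha256.Sum256(image)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// verifyImage: startup self-check, hash the on-disk image again and verify
// the detached signature with the embedded public key. Any byte changed by
// a file infector breaks it; patching the key or this check is out of scope.
func verifyImage(pub *ecdsa.PublicKey, image, sig []byte) bool {
	digest := sha256.Sum256(image)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// tamper flips one byte of a copy, simulating a virus patching the file.
func tamper(image []byte, offset int) []byte {
	out := append([]byte(nil), image...)
	out[offset] ^= 0x01
	return out
}

// runCheck signs a constructed stand-in image; returns (intact ok, tampered ok).
func runCheck() (intactOK, tamperedOK bool, err error) {
	image := []byte("MZ: constructed stand-in for an executable image")
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	sig, err := signImage(priv, image)
	if err != nil {
		return false, false, err
	}
	return verifyImage(&priv.PublicKey, image, sig),
		verifyImage(&priv.PublicKey, tamper(image, 3), sig), nil
}

func main() {
	intactOK, tamperedOK, err := runCheck()
	fmt.Println(intactOK, tamperedOK, err) // true false <nil>
}
```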