Re: ADVERT: Secure communications



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There are some things I find tricky about this. I encourage the author
to continue all efforts to make good software--we all know the world
could use the help--but the way the page reads in some places sounds, to
put it quite bluntly, like something I might have written before I knew
much about cryptography.

"The use of the L15 Stream Cipher which is a technological superiority
in itself."

I would have my doubts about even the revered Rijndael if the only
security analysis on it in existence were by its author. Have you made
any effort to have it independently analyzed? It's fair to use a cipher
you created--if Ron Rivest can do it, so can you--but a little more
evidence is in order to claim that it is a "technological superiority".

sci.crypt readers: I would like to request, on Robin Carey's behalf,
comment by experienced cryptanalysts on the L15 algorithm. You can find
code and descriptions, as well as security analysis by the author, at
http://www.leopard.uk.com/ .

"E-mail is encrypted using the RSA public-key cryptosystem thus
eliminating security risks from symmetric ciphers."

I'm assuming this means RSA without hybridizing with a symmetric cipher.
Are you saying the entire message is encrypted, block by block, with
RSA? Though with a short message like the typical e-mail it wouldn't be
too bad, doing RSA on an entire message is rather computationally
expensive. Meanwhile, it's rather likely that running AES-256 on the
message four times, a different key each time, is far more intractable a
problem, despite most entirely non-fatal flaws we may find in AES in the
future, than encrypting a whole message block-by-block with a 2048-bit
RSA key, and the running time would (or could) be significantly lower.
It would be hard to make a case that the symmetric cipher, when
implemented correctly and used in the right mode, is the weak link in
the typical strong cryptosystem.

"Unorthodox (reversed) RSA encoding of data should provide a higher
level of security relative to orthodox implementations."

What kind of reversing are we talking about here? Do you mean reversing
the order of bytes in the plaintext or ciphertext? (You can't possibly
mean running a decryption instead of an encryption--they're the same
thing in RSA.) In any case, this sounds to me like added security
through obscurity, but no additional real security.

"Digital signatures are encrypted thus eliminating security risks from
cryptographic hash functions (most of which have recently discovered
security issues)."

On a typical cryptographic platform, such as PGP, it's typical to have
the signature encrypted as part of the plaintext. In that situation,
this feature isn't novel. If the message isn't encrypted, it doesn't
matter whether the signature is encrypted or not; if the plaintext is
visible and the hash algorithm (or even a list of, say, 100 possible
hash algorithms) is known, we can easily find the hash.

Additionally, I find it somewhat dubious that the only verification for
your download is an MD5 digest. Of any crypto hash algorithm that's
even conceivable to continue using, MD5 is probably among the weakest.
Why no SHA-1? SHA-512? PGP signature?

"It is distributed under a software license which mandates that it may
not be used for terrorism, paedophilia or crimes against humanity."

As admirable a notion as this is, we are talking about _the bad guys_
here. If your user is a terrorist, pedophile, or criminal against
humanity, I have my doubts that a little software license will stand in
the way of his mission. Still, I understand that this is primarily
symbolic--you can't be faulted.

Of course, I could be wrong about any of these things. That's what's so
great about USENET--peer review. :-)

Good luck
PSM

Robin Carey wrote:
> C12-GAMMA is a finalised branch of Caesarion v12; a free software
> product for the FreeBSD and Linux operating systems.
>
> The software provides secure (E-mail) communications facilities;
> communications secrecy, user-authentication and data-integrity
> verification.
>
> http://www.caesarion.org.uk


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFQmE3ei6R+3iF2vwRAtJnAJ4vIws6mw2vdbTNSfuYQe1GtpSFDACfSX9U
znRLxjZyWOMLjG9wA8wi+54=
=+w8R
-----END PGP SIGNATURE-----
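The cost argument in the reply above (RSA applied to every block of a message versus RSA used once to wrap a symmetric key), as an added example that is not part of the original post and is not Caesarion's code. The toy key, the SHA-256 counter-mode keystream standing in for a real cipher such as AES, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy key from two Mersenne primes so the example runs with the
# standard library only; it is NOT a secure RSA key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
CHUNK = (N.bit_length() - 1) // 8 - 1   # data bytes per RSA block, after a 0x01 marker

def _to_int(chunk):
    # The 0x01 marker preserves leading zero bytes. Textbook RSA, no padding scheme.
    return int.from_bytes(b"\x01" + chunk, "big")

def _to_bytes(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

def rsa_blockwise_encrypt(msg):
    """RSA on every chunk of the message; returns (ciphertext ints, RSA op count)."""
    chunks = [msg[i:i + CHUNK] for i in range(0, len(msg), CHUNK)]
    return [pow(_to_int(c), E, N) for c in chunks], len(chunks)

def rsa_blockwise_decrypt(cipher):
    # One private-key exponentiation per block: this is the expensive part.
    return b"".join(_to_bytes(pow(c, D, N)) for c in cipher)

def keystream_xor(key, data):
    """SHA-256 in counter mode, a stdlib stand-in for a real symmetric cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def hybrid_encrypt(msg):
    """One RSA operation wraps a fresh 256-bit key; the key encrypts the body."""
    key = secrets.token_bytes(32)
    return (pow(_to_int(key), E, N), keystream_xor(key, msg)), 1

def hybrid_decrypt(ct):
    wrapped, body = ct
    return keystream_xor(_to_bytes(pow(wrapped, D, N)), body)

if __name__ == "__main__":
    msg = bytes(range(256)) * 16          # constructed 4096-byte message
    print("block-by-block RSA ops:", rsa_blockwise_encrypt(msg)[1])
    print("hybrid RSA ops:", hybrid_encrypt(msg)[1])
```

The RSA operation count grows linearly with message length in the block-by-block scheme and stays at one in the hybrid scheme, whatever the message size.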