Re: What is the best crypt-Software?
- From: Spinner <nospam@xxxxxxxxxx>
- Date: Sun, 30 Jan 2011 04:32:14 -0500
"Joseph Ashwood" <ashwood@xxxxxxx> wrote:
"DasFox" wrote in message news:ihlndd$2fe$1@xxxxxxxxxxxxxxxxxx
On Mon, 24 Jan 2011 17:25:17 -0800, Joseph Ashwood wrote:
DasFox's recommendation AXCRYPT, the apparently primary developer for the
product actually has an offer in the FAQ to provide the programming to
break the encryption "typically it'll vary between USD/EUR 50 to 250" so I'm
fairly confident in saying don't use it.
EXPLAIN...a Tech deserves as much...
You are being DIS NOTGENIUOS...he said he would attempt a BRUTE FORCE
only on certain conditions...PASSPHRASE LOST...
"There is a special case where I could possibly help you. If you think
you know your passphrase, but not quite, or if it's less than 5
characters long - then I can write and adapt a special program that
will try many combinations automatically. This is called a brute force
attack.
I freely admit to simply scanning through the document. That section drew my
attention first because it has numbers in it, these generally highlight
useful parts for analysis.
The reason I condemned the product from that section is multi-fold:
Any system where such attempts are advertised represents a conflict of
interest. Would you ever trust a lawyer that said "For 250 Euros I'll tell
you how to make my client plead guilty"? I know I wouldn't, especially if he
advertised it.
It placed a specific value on the integrity of the system (maximum 250
Euro), even if this is only under limited circumstances that is suspiciously
low.
In any system that meets the security statements alleged the break or no pay
section would result in too much failure. Take a reasonable situation where
the user believes they remember one more character than they actually
remember, this would result in a failure rate of roughly 99% all by itself.
But the (allegedly legitimate) user has no risk because of the guarantee.
It's an attacker's dream section "Hey I'll do the work for you, and if it
doesn't work, you don't have to pay me." Result: Attack = Free.
There are really only two conclusions to be drawn about the product as a
result of that section. Either the author is very bad at math (which would
immediately doom the security of the system), or the author has a back door
(which would immediately doom the security of the system). It doesn't matter
which one is correct, the result remains that the security of the system is
doomed.
It's amazing how much a single mistake can reveal. Much like the rest of
cryptography, a single mistake, even one seemingly completely innocent, can
completely doom the entire security.
Joe
Joe, you are being a jerk again. Your crypto tech skills are
unquestioned.. your attitude toward admitting a mistake is a foot
thick and a mile wide.
You glanced at a document for a product you didn't even bother to
analyze in any depth at all, made a snap judgment based on a misread
of a section, and flung a post out here.
Then you create a straw man defining an offer to recover passwords to
be a 'mistake' (other firms do it - most data recovery firms will -
they just don't refund your money).
Don't be a jackass just because you goofed. Admit you misread the FAQ.
You bash the hell out of people here for not doing good technical
analysis, and then you spend a thread on ad hominem arguments about
the technology based on YOUR imputed motives of the author.
Axcrypt actually works quite well and properly implements AES (from
all indications). Anything else is a local user problem - it's
certainly secure enough for any operating system being used to read
these posts, and most of the people doing so.
Just admit you screwed up on this one and move on.
--
2+2!=5 even for extremely large values of 2