Re: What is the best crypt-Software?
- From: Spinner <nospam@xxxxxxxxxx>
- Date: Sun, 30 Jan 2011 04:32:14 -0500
"Joseph Ashwood" <ashwood@xxxxxxx> wrote:
"DasFox" wrote in message news:ihlndd$2fe$1@xxxxxxxxxxxxxxxxxx
On Mon, 24 Jan 2011 17:25:17 -0800, Joseph Ashwood wrote:
DasFox's recommendation AXCRYPT, the apparently primary developer for the
product actually has an offer in the FAQ to provide the programming to
the encryption "typically it'll vary between USD/EUR 50 to 250" so I'm
fairly confident in saying don't use it.
EXPLAIN...a Tech deserves as much...
You are being DIS NOTGENIUOS...he said he would attempt a BRUTE FORCE
only on certain conditions...PASSPHRASE LOST...
"There is a special case where I could possibly help you. If you think
you know your passphrase, but not quite, or if it's less than 5
characters long - then I can write and adapt a special program that
will try many combinations automatically. This is called a brute force
I freely admit to simply scanning through the document. That section drew my
attention first because it has numbers in it, these generally highlight
useful parts for analysis.
The reason I condemned the product from that section is multi-fold:
Any system where such attempts are advertised represents a conflict of
interest. Would you ever trust a lawyer that said "For 250 Euros I'll tell
you how to make my client plead guilty" I know I wouldn't, especially if he
It placed a specific value on the integrity of the system (maximum 250
Euro), even if this is only under limited circumstances that is suspiciously
In any system that meets the security statements alleged the break or no pay
section would result in too much failure. Take a reasonable situation where
the user believes they remember one more character than they actually
remember, this would result in a failure rate of roughly 99% all by itself.
But the (allegedly legitimate) user has no risk because of the guarentee.
Its an attacker's dream section "Hey I'll do the work for you, and if it
doesn't work, you don't have to pay me." Result: Attack = Free.
There are really only two conclusions to be drawn about the product as a
result of that section. Either the author is very bad at math (which would
immediately doom the security of the system), or the author has a back door
(which would immediately doom the security of the system). It doesn't matter
which one is correct, the result remains that the security of the system is
Its amazing how much a single mistake can reveal. Much like the rest of
cryptography, a single mistake, even one seemingly completely innocent, can
completely doom the entire security.
Joe, you are being a jerk again. Your crypto tech skills are
unquestioned.. your attitude toward admitting a mistake is a foot
thick and a mile wide.
You glanced at a document for a product you didn't even bother to
analyze in any depth at all, made a snap judgment based on a misread
of a section, and flung a post out here.
Then you create a straw man defining an offer to recover passwords to
be a 'mistake' (other firms do it - most data recovery firms will -
they just dont refund your money).
Don't be a jackass just because you goofed. Admit you misread the FAQ.
You bash the hell out of people here for not doing good technical
analaysis, and then you spend a thread on ad hominem arguments about
the technology based on YOUR imputed motives of the author.
Axcrypt actually works quite well and properly implements AES (from
all indications). Anything else is a local user problem - it's
certainly secure enough for any operating system being used to read
these posts, and most of the people doing so.
Just admit you screwed up on this one and move on.
2+2!=5 even for extremely large values of 2
- Re: What is the best crypt-Software?
- From: DasFox
- Re: What is the best crypt-Software?
- Prev by Date: Re: Quantum cryptography
- Next by Date: Re: csprng?
- Previous by thread: Re: What is the best crypt-Software?
- Next by thread: Re: What is the best crypt-Software?