From: john on 30 Jan 2010 01:15

On Jan 30, 2:49 am, biject <biject.b...(a)gmail.com> wrote:
> Vanessa john whoever you are your posts sound to me like you have the
> same mind for logic as the person pushing the code.

- Probably dude that's because we've already used the software and we depend on what we actually experienced - and only two of us in the forum who've done it I guess... I don't care whoever is the author, I'm only after the strength of their software as I've said earlier, I've never seen anything like it, it's not classic.

> I am not a first
> time poster I often disagree strongly with Mr Herring and Unruh at
> least I think I do.
> I looked at the PDF files on the site and I wish I could write as
> much as the guy who wrote those things however I did not see any facts
> in them. They if anything reminded me of the BS on global warming it
> seemed to me to be all hot air. But then again I am not an expert.
> For the record Unicity distance is very important to reject this out
> of hand is what the main stream crypto people do. I think the three
> letter agencies don't want people to know how important it is.
> The fact you have dismissed Unicity distance makes me wonder if you
> really want people to use good secure crypto.

- Well, apology if it sounded like I've totally dismissed "unicity distance", it is still of course useful in breaking a cipher - that's classic... however, due to multiple protections of the IOTP including plaintext compression and transformations, unicity distance isn't a great deal anymore dude at least with the IOTP.
From: john on 30 Jan 2010 01:32

> > >The Plain Text changes in length after compression and transformation.
> > Not relevant.

- Of course it's relevant dude, that denies the classic unicity distance theory.

> > >You will be attacking the
> > >Transformed Text not the Plain Text. Password, Modification, Secret
> > >Code
> > >could be any length.
> > So it's not required to be as long as the plaintext?

- Certainly dude, if it is then that's classic, if it isn't then that's IOTP.
From: rossum on 30 Jan 2010 05:14

On Fri, 29 Jan 2010 21:43:34 -0800 (PST), john <penetratorv(a)yahoo.com> wrote:
>If by design it requires 10000
>SHA-256 in sequence to validate the password to ensure security, do
>not use this as a measure.

Your lack of cryptographic knowledge is showing. This technique is called "stretching" and is used to slow down brute force attacks.

rossum
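
The stretching named in the post above, as an added example that is not part of the original thread or of any product discussed in it. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as the standard form of "10000 SHA-256 in sequence"; the function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 10_000  # the count quoted in the thread
SALT_BYTES = 16


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 32-byte verifier; each call costs `iterations` chained HMAC-SHA256 rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(password: str) -> dict:
    """Build the record a server stores: per-user random salt, work factor, verifier."""
    salt = os.urandom(SALT_BYTES)
    return {"salt": salt, "iterations": ITERATIONS, "verifier": stretch(password, salt)}


def verify(record: dict, candidate: str) -> bool:
    """Redo the stretched derivation for a login attempt and compare in constant time."""
    derived = stretch(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["verifier"])


def slowdown(rounds: int = 20) -> float:
    """Measured cost of one stretched guess relative to one single-iteration guess."""
    salt = os.urandom(SALT_BYTES)

    def cost(iterations: int) -> float:
        start = time.perf_counter()
        for _ in range(rounds):
            stretch("constructed-sample-password", salt, iterations)
        return time.perf_counter() - start

    return cost(ITERATIONS) / cost(1)


if __name__ == "__main__":
    record = enroll("constructed-sample-password")
    print("correct password accepted:", verify(record, "constructed-sample-password"))
    print("wrong password accepted:  ", verify(record, "not-the-password"))
    print(f"one guess costs about {slowdown():.0f}x an unstretched guess")
```

The legitimate user pays the stretched cost once per login, while anyone guessing offline pays it once per candidate password; the per-user salt keeps that work from being shared across accounts.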
From: Sebastian Garth on 30 Jan 2010 05:19

Apologies for not reading every single thread - I just wanted to reiterate some of the more obvious problems here:

1) The product developer(s) hasn't disclosed the exact algorithm used, which indicates an unwillingness to subject it to the rigorous mathematical analysis needed to verify its robustness (and besides the possibility of undiscovered bugs, there is the issue of "back doors"). How in the world could any sane person trust such a program?

2) Any encryption algorithm worth its salt should be able to send everything "in the clear". Otherwise, it's nothing more than a glorified Caesar cypher, and essentially worthless for real-world applications.

3) I may be wrong, but my gut feeling is that just about everyone here advocating this product is most likely affiliated with the company in some way - as a developer, marketer, or what have you. If so, just keep in mind that if such sock-puppetry *is* uncovered, you're going to have a snowball's chance in hell convincing anyone of anything. Not an accusation; just a fair warning. ;)

Cheers.
From: john on 30 Jan 2010 05:55

On Jan 30, 10:14 am, rossum <rossu...(a)coldmail.com> wrote:
> On Fri, 29 Jan 2010 21:43:34 -0800 (PST), john <penetrat...(a)yahoo.com>
> wrote:
>
> >If by design it requires 10000
> >SHA-256 in sequence to validate the password to ensure security, do
> >not use this as a measure.
>
> Your lack of cryptographic knowledge is showing. This technique is
> called "stretching" and is used to slow down brute force attacks.
>
> rossum

- Whatever you call that dude, it won't bother me at all, you can copy-paste all your cryptographical terms here, it's free. I rather don't go off-topic or repeat things over and over again just to show to the world that I'm an expert of SHA-0, SHA-1, 256, 384, 512 huh! You can go over the past posts to see how a brute force attack is just not enough to break the iotp.

John Springfield

"There's only one thing I know in this world and that is that I know nothing - Socrates"