From: Bruce Stephens on
john <penetratorv(a)yahoo.com> writes:

> On Jan 30, 10:19 am, Sebastian Garth <sebastianga...(a)gmail.com> wrote:

[...]

>> 1) The product developer(s) hasn't disclosed the exact algorithm used,
>> which indicates an unwillingness to subject it to the rigorous
>> mathematical analysis needed to verify its robustness (and besides
>> the possibility of undiscovered bugs, there is the issue of "back
>> doors").  How in the world could any sane person trust such a
>> program?
>>
> - Why is this important? You mean every single software in the world
> need to undergo analysis to verify if they're trustworthy? What
> particular agency is doing that - You? Anyway, I can't blame you if
> you're too careful in using computer programs - that's your choice
> dude.

Why trust this software rather than one (like GnuPG) which *has* been
examined closely? Or at least choose encryption systems which say
exactly what algorithms and protocols they use.

If you want a system basically for entertainment then fine, use IO-TP or
whatever else looks flashy. Just don't pretend it's the bestest
encryption program in the whole world.

[...]

From: john on
On Jan 30, 11:49 am, Bruce Stephens <bruce
+use...(a)cenderis.demon.co.uk> wrote:

>
> Why trust this software rather than one (like GnuPG) which *has* been
> examined closely?  Or at least choose encryption systems which say
> exactly what algorithms and protocols they use.
>
> If you want a system basically for entertainment then fine, use IO-TP or
> whatever else looks flashy.  Just don't pretend it's the bestest
> encryption program in the whole world.
>
> [...]

- Generally you're right dude but if iotp is the best for me, it
doesn't necessarily mean that it's also the best for you - it's a
matter of choice dude. Anyway I'm having my exit now, I appreciate all
your deep crypto-knowledge dudes - thanks for your time...

- John Springfield

"The people may be made to follow a path of action, but they may not
be made to understand it" - Confucius

From: Phoenix on

The IO-TP author (Rolando Santiago) says:

"Infinite One-Time Pad works on both the key and the plain text to
produce a ciphertext that cannot be analyzed. The plain text is
compressed and transformed. The key is also transformed using series
of different irreversible algorithms. The compression information is
already lost and cannot be recovered from the ciphertext."

We want/need/must know the "irreversible algorithms".

And another question: what about the speed performance?


From: unruh on
On 2010-01-30, john <penetratorv(a)yahoo.com> wrote:
> On Jan 30, 10:19 am, Sebastian Garth <sebastianga...(a)gmail.com> wrote:
>> Apologies for not reading every single thread - I just wanted to
>> reiterate some of the more obvious problems here:
>>
>> 1) The product developer(s) hasn't disclosed the exact algorithm used,
>> which indicates an unwillingness to subject it to the rigorous
>> mathematical analysis needed to verify its robustness (and besides
>> the possibility of undiscovered bugs, there is the issue of "back
>> doors").  How in the world could any sane person trust such a
>> program?
>>
> - Why is this important? You mean every single software in the world
> need to undergo analysis to verify if they're trustworthy? What
> particular agency is doing that - You? Anyway, I can't blame you if
> you're too careful in using computer programs - that's your choice
> dude.

No. Every single cryptographic piece of software should. As I have
stated there is no way of verifying that a piece of cryptographic
software is good (i.e. effectively hides your messages) by simply looking
at the input and output. The only way of doing so is to verify the
algorithm and the internal workings of the actual piece of code.
It is a MUST for cryptographic software.

No Agency, just every user should be able to do so. Anyone who does not
is purveying junk and the user deserves what he gets if he uses such
software.
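
An added illustration of the point in the post above (not part of the thread, and not IO-TP's algorithm, which is undisclosed): `opaque_encrypt` is a hypothetical closed-source cipher whose output passes a black-box entropy check even though its design keeps only 16 bits of key. All names and the sample message are constructed for the example.

```python
import hashlib
import math
from collections import Counter

def xor_stream(seed: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(seed || offset) blocks; the same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(seed + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)

def opaque_encrypt(passphrase: str, data: bytes) -> bytes:
    """Hypothetical closed product. Hidden flaw: whatever the passphrase,
    only 16 bits derived from it ever reach the keystream."""
    seed = hashlib.sha256(passphrase.encode("utf-8")).digest()[:2]
    return xor_stream(seed, data)

def byte_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte, a typical input/output-only test."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def recover_seed(ciphertext: bytes, known_prefix: bytes):
    """With the design in hand the key space is visibly 65,536 seeds."""
    head = ciphertext[:len(known_prefix)]
    for s in range(1 << 16):
        seed = s.to_bytes(2, "big")
        if xor_stream(seed, head) == known_prefix:
            return seed
    return None

if __name__ == "__main__":
    # Constructed sample: a predictable header followed by filler.
    plaintext = b"Subject: quarterly report\n" + b"A" * 4070
    ct = opaque_encrypt("a long and careful passphrase", plaintext)
    print(f"plaintext entropy : {byte_entropy(plaintext):.3f} bits/byte")
    print(f"ciphertext entropy: {byte_entropy(ct):.3f} bits/byte")
    seed = recover_seed(ct, plaintext[:16])
    print("recovered from a 2^16 key space:", xor_stream(seed, ct)[:25])
```

The ciphertext scores close to 8 bits per byte, so a test that looks only at input and output rates it as strong; the 16-bit limit shows up only when the algorithm itself is read.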


From: rossum on
On Sat, 30 Jan 2010 02:55:48 -0800 (PST), john <penetratorv(a)yahoo.com>
wrote:

>On Jan 30, 10:14 am, rossum <rossu...(a)coldmail.com> wrote:
>> On Fri, 29 Jan 2010 21:43:34 -0800 (PST), john <penetrat...(a)yahoo.com>
>> wrote:
>>
>> >If by design it requires 10000
>> >SHA-256 in sequence to validate the password to ensure security, do
>> >not use this as a measure.
>>
>> Your lack of cryptographic knowledge is showing.  This technique is
>> called "stretching" and is used to slow down brute force attacks.
>>
>> rossum
>
>- Whatever you call that dude, it won't bother me at all, you can copy-
>paste all your cryptographical terms here, it's free. I rather don't
>go off-topic or repeat things over and over again just to show to the
>world that I'm an expert of SHA-0, SHA-1, 256, 384, 512 huh! You can
>go over the past posts to see how a brute force attack is just not
>enough to break the iotp.
>
>John Springfield

Your ignorance of the purpose of cryptographic stretching is noted.
Such ignorance only confirms that your advice on the quality of
cryptographic software is worth precisely what we are paying for it.

rossum
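
The stretching technique named in the post above, as an added example that is not part of the thread: a salted password check that chains 10000 SHA-256 rounds, with a measurement of how much each guess is slowed. Function names and sample passwords are constructed; production systems normally use a standard construction such as PBKDF2, scrypt or Argon2 rather than a hand-rolled loop.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 10_000  # iteration count quoted in the thread

def stretch(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Iterated salted SHA-256: every round hashes the previous digest."""
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest + salt).digest()
    return digest

def enroll(password: str, rounds: int = ROUNDS):
    """Store salt, round count and stretched hash, never the password."""
    salt = os.urandom(16)  # per-user salt defeats precomputed tables
    return salt, rounds, stretch(password, salt, rounds)

def verify(password: str, record) -> bool:
    salt, rounds, expected = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stretch(password, salt, rounds), expected)

def seconds_per_guess(rounds: int, trials: int) -> float:
    """Average cost of testing one candidate password."""
    salt = b"\x00" * 16  # fixed salt, used only for timing
    start = time.perf_counter()
    for i in range(trials):
        stretch(f"guess{i}", salt, rounds)
    return (time.perf_counter() - start) / trials

def slowdown(rounds: int = ROUNDS) -> float:
    """How many times slower each guess is than with a single hash."""
    return seconds_per_guess(rounds, 20) / seconds_per_guess(1, 2000)

if __name__ == "__main__":
    record = enroll("tr0ub4dor&3")  # constructed sample password
    print("correct password accepted:", verify("tr0ub4dor&3", record))
    print("wrong password accepted  :", verify("tr0ub4dor&4", record))
    print(f"each guess is about {slowdown():.0f}x slower than one SHA-256")
```

The legitimate user pays the delay once per login, while someone testing a candidate list pays it for every candidate.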

