Prev: Gollin Lied, Babies Died
Next: The key to cracking any cipher: Elephant.
From: Sal on 7 Apr 2010 17:51
It's called MySecret and it's easier for me to use than GnuPG. I
typically use only symmetric encryption anyway so GPG is overkill. But
before I do any major encryption with it I would like to get the
opinion of some experts. Thanks.

http://www.di-mgt.com.au/mysecret.html
From: unruh on 7 Apr 2010 18:33
On 2010-04-07, Sal <here(a)softcom.net> wrote:
> It's called MySecret and it's easier for me to use than GnuPG. I
> typically use only symmetric encryption anyway so GPG is overkill. But
> before I do any major encryption with it I would like to get the
> opinion of some experts. Thanks.
>
> http://www.di-mgt.com.au/mysecret.html

If it is a blowfish implimentation, you can feed in some tests, with the
appropriate key and see if what comes out is the right encryption, and
nothing but that.
The second issue is the choice of key-- that should be up to you, not
the program.

From: Sal on 7 Apr 2010 22:50
On Apr 7, 3:33 pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
> On 2010-04-07, Sal <h...(a)softcom.net> wrote:
>
> > It's called MySecret and it's easier for me to use than GnuPG. I
> > typically use only symmetric encryption anyway so GPG is overkill. But
> > before I do any major encryption with it I would like to get the
> > opinion of some experts. Thanks.
>
> >http://www.di-mgt.com.au/mysecret.html
>
> If it is a blowfish implimentation, you can feed in some tests, with the
> appropriate key and see if what comes out is the right encryption, and
> nothing but that.
> The second issue is the choice of key-- that should be up to you, not
> the program.

Well I tried to compare its output to the ascii-armored output from
GPG with identical key and they are totally different with different
sizes. Any other way to evaluate its encryption strength and whether
the algorithm is implemented correctly?
From: unruh on 8 Apr 2010 00:47
On 2010-04-08, Sal <here(a)softcom.net> wrote:
> On Apr 7, 3:33?pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
>> On 2010-04-07, Sal <h...(a)softcom.net> wrote:
>>
>> > It's called MySecret and it's easier for me to use than GnuPG. I
>> > typically use only symmetric encryption anyway so GPG is overkill. But
>> > before I do any major encryption with it I would like to get the
>> > opinion of some experts. Thanks.
>>
>> >http://www.di-mgt.com.au/mysecret.html
>>
>> If it is a blowfish implimentation, you can feed in some tests, with the
>> appropriate key and see if what comes out is the right encryption, and
>> nothing but that.
>> The second issue is the choice of key-- that should be up to you, not
>> the program.
>
> Well I tried to compare its output to the ascii-armored output from
> GPG with identical key and they are totally different with different

Do not look at the ascii armoured output. Look at the raw output (bytes)


> sizes. Any other way to evaluate its encryption strength and whether
> the algorithm is implemented correctly?

If two implimentations differ, then at least one is wrong. I would trust
gpg.

From: Greg Rose on 8 Apr 2010 01:13
In article <slrnhrqnug.eef.unruh(a)wormhole.physics.ubc.ca>,
unruh <unruh(a)wormhole.physics.ubc.ca> wrote:
>On 2010-04-08, Sal <here(a)softcom.net> wrote:
>> On Apr 7, 3:33?pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
>>> On 2010-04-07, Sal <h...(a)softcom.net> wrote:
>>>
>>> > It's called MySecret and it's easier for me to use than GnuPG. I
>>> > typically use only symmetric encryption anyway so GPG is overkill. But
>>> > before I do any major encryption with it I would like to get the
>>> > opinion of some experts. Thanks.
>>>
>>> >http://www.di-mgt.com.au/mysecret.html
>>>
>>> If it is a blowfish implimentation, you can feed in some tests, with the
>>> appropriate key and see if what comes out is the right encryption, and
>>> nothing but that.
>>> The second issue is the choice of key-- that should be up to you, not
>>> the program.
>>
>> Well I tried to compare its output to the ascii-armored output from
>> GPG with identical key and they are totally different with different
>
>Do not look at the ascii armoured output. Look at the raw output (bytes)
>
>
>> sizes. Any other way to evaluate its encryption strength and whether
>> the algorithm is implemented correctly?
>
>If two implimentations differ, then at least one is wrong. I would trust
>gpg.

Actually, I think GPG uses a slightly unusual
chaining mode. Something to do with the IV or
first block being offset by two bytes. So the
outputs wouldn't be the same even if both
implementations were correct.

But I could be misremembering, too...

Greg.
--
 |  Next  |  Last
Pages: 1 2
Prev: Gollin Lied, Babies Died
Next: The key to cracking any cipher: Elephant.