Security Forums

Is invisible Secrets 4 any good?

spearmintmonkey
New Member
Joined: 09 Jul 2004
Posts: 39

Posted: Fri Jul 09, 2004 6:55 pm    Post subject: Is invisible Secrets 4 any good?

Please let me know if anyone has used this program and if it is any good?

Thank You.

JustinT
Trusted SF Member
Joined: 17 Apr 2003
Posts: 1233
Location: Charlotte, NC, US / Uberlāndia, MG, Brazil

Posted: Fri Jul 09, 2004 8:30 pm    Post subject: Been here before.

This kind of question is rather conditional. Don't be fooled and believe that just because a program works, it's secure. This is the first step to being insecure. Also, make sure you utilize our forum's search functionality. Had you done so, you might have stumbled across this thread, where I stated:

JustinT wrote:

First, the fact that they failed to issue a spell-check on a bold instance of "Rijdael" worries me. I would hope that an entity who plans to implement a cryptographic algorithm is at least familiar enough with it to spell it correctly, and consistently so. That's beside the cryptographic point, but is further echoed by their usage of "strong cryptography." I have absolutely no clue as to why Diamond 2 and Sapphire 2 are included, but I'm certain that there is insufficient analysis to regard them as being recommended strong algorithms. GOST and RC4 could be dropped for more trustworthy and secure algorithms, such as Triple-DES and Serpent. Along with the lack of substantiated algorithm selections, I see no mention of what mode of operation is being used and no sign of a MAC implementation. This is critical, as the mode of operation can determine how secure the algorithm implementation renders itself to be. Also, you need a MAC. You need authentication. It is a sin not to have it within a cryptographic system. The fact that most commercial packages fail to implement this is beyond me. To conclude this "list" of fallacies, they claim to offer a "real-random number generator", but provide no information in regards to this, or any of the above. I don't know where to begin with this, really.

Next, and equally important, they promote the implementation of ad hoc, homegrown algorithms. To even implement the ability to insert an algorithm created by someone other than a cryptographically seasoned designer is perhaps the most ignorant aspect of this entire matter. In my opinion, I find no advantageous, or sensible, reasoning behind wanting to use this software, from a perspective of security.

So, let's see. They can't spell, substantiate algorithm selections, denote the mode of operation, denote the existence of a MAC, claim to offer a "real-random number generator", and promote the implementation of ad hoc, homegrown algorithms - be worried. I don't have to utilize this software to point out flaws in their presentation, which are likely flaws that extend into their implementation.

I see absolutely no reason why one should even compare this to PGP, GnuPG, or the OpenPGP specification itself. It would be a disgrace, at that. Invisible Secrets may provide the convenient GUI functionality, but as for security, I'm not so sure the parent company even knows what that is. I'm being stern, yet realistic, here. I believe this is one of the many cases where media hype outweighs actual rendered security.


Based on how it is presented, Invisible Secrets should have been kept a secret. I wouldn't recommend its use, at all. It's not backed by good etiquette, nor does it offer anything that competence can't provide, in a much better, and more secure, fashion.
_________________
"Strict Avalanche Criterion n. Restrictive clause in ski-insurance policy."

flavius
Spammer
Joined: 11 Nov 2004
Posts: 6

Posted: Sat Nov 27, 2004 5:03 pm    Post subject: a second opinion

I want to start this reply by saying that I work in the marketing team of Invisible Secrets, and I only want to post here a second opinion.

Our product was recommended by Professor Randall Nichols, author of many security books. You can see his website, http://www.infosec-technologies.com/main.htm; go to Resources. You can find there a link to our company, NeoByte Solutions, at companies who provide premium services in INFORMATION SECURITY (INFOSEC) AND MODERN CRYPTOGRAPHY.

You can find our product mentioned also by Mr Neil F. Johnson, author of books like "Information Hiding: Steganography and Watermarking - Attacks and Countermeasures (Advances in Information Security)"

http://www.jjtc.com/stegoarchive/stego/software.html

"Lookout Steganos, there's a new kid on the block! Invisible Secrets encrypts and hides files in JPEG, PNG, BMP, HTML and WAV. Loaded with new features, it provides strong encryption (Blowfish, Twofish, RC4, Cast128, and GOST), shredder, password manager and generator, self-decrypting archives, internet trace destroyer, IP-to-IP password transfer, and application locker. Interfacing nicely with Windows Explorer via right-click context-sensitive menus, this low cost shareware program is definitely worth checking out!"

You can read a review of Invisible Secrets in PC MAGAZINE UK http://www.pcmag.co.uk/downloads/1140368

Reference in PC MAGAZINE http://www.pcmag.com/article2/0,1759,1267251,00.asp

(we also have a trial version http://www.neobytesolutions.com/downloads/invsecr.exe)

Reference in PC WORLD under "The Best Software You're Not Using"

http://www.pcworld.com/resource/article/0,aid,112028,pg,2,00.asp

I don't want to fill 10 pages with good references about our software, I only wanted to say a second opinion about this product, by presenting you what prestigious magazines and well known and recognized names in Security - CRYPTOGRAPHY field have to say about our product.

JustinT
Trusted SF Member
Joined: 17 Apr 2003
Posts: 1233
Location: Charlotte, NC, US / Uberlāndia, MG, Brazil

Posted: Sun Nov 28, 2004 10:30 am    Post subject: Honestly, now? C'mon.

We've had this discussion before; general audience magazines may be prestigious amongst the general audience, but not amongst the cryptographic community. Therefore, such reviews are invalid and inaccurate measurements of the cryptographic quality of a cryptographic implementation. There's no substance, there. They aren't acceptable points of defense for a product's reputation. That's akin to me claiming to be an expert chef, because a couple of home & family magazines published my broccoli and cheese casserole recipe, along with fifty other various entries. Refer to the above linked thread and you'll see what I mean.

Second, while the two principal names given may be notable in the realm of classical cryptography and steganography, I see no relevance between this and the blatant fact that Invisible Secrets is an implementation that lacks integral components and is presented poorly. Merit-less reviews do nothing to aid in the matter, either. I have seen no cryptographic evidence that the product is worth the compact disc it comes on; in fact, I have seen the contrary. Have any of the issues I've previously raised been evaluated, or are the developers oblivious to them?

The implementation of Invisible Secrets lacks authentication; it doesn't contain a MAC. This means that there is no data integrity. You know, the mechanism which ensures that data cannot be manipulated without detection. Were you aware of this? Are you honestly insisting that an implementation which fails to even acknowledge authentication is secure? As I've stated many times, manipulating data is often more detrimental than divulging it. I'm afraid you are misguided if you do feel it can be dismissed. I pity the unsuspecting user that is sold on hype and five stars, and pays to use such an incomplete implementation.

Who actually develops the implementation? Perhaps they should fill us in on what the marketing department, as well as whoever manages the parent web site's content, has so horribly excluded from public knowledge. For future reference, it would be more logical to discuss cryptographic matters with someone who developed the cryptographic portions of the implementation. (i.e., if you want to know the process in which Oreos are made, you don't ask the grocery manager at your local food market, do you?) We should be debating with the developer, not the marketer.

I assure you, I may be blunt, but it's nothing personal. Being relentless and merciless is the only way good cryptography has ever been implemented properly, and if we're lucky, presented in a half-way decent manner. This is where I feel NeoByte Solutions has fallen far short, and should muster up enough responsibility to address the matter. If they drop the hype and plug the holes, it may have the potential to be a decent cryptographic product. My gut feeling is that if they were cryptographically competent, these particular issues would not exist to begin with.
_________________
"Strict Avalanche Criterion n. Restrictive clause in ski-insurance policy."

flavius
Spammer
Joined: 11 Nov 2004
Posts: 6

Posted: Sun Nov 28, 2004 11:08 am

Dear Justin,

You have your opinion and I saw it previously, I do remember your previous posts, without checking any links. And yes, developing team has seen your opinion. Those two important names in cryptography actually tried the product and bought it! Nobody gave them a present to mention our name. When Invisible Secrets was born, we've started focused on Steganography, this was the main feature.

We appreciate the critics from people with good knowledge, but despite your critics, the product is popular and users like the features it has (not necessarily only the encryption possibilities).

Out of curiosity, please name me a few commercial encryption products that you appreciate (and are popular on the market).

best regards

Flavius

JustinT
Trusted SF Member
Joined: 17 Apr 2003
Posts: 1233
Location: Charlotte, NC, US / Uberlāndia, MG, Brazil

Posted: Sun Nov 28, 2004 1:09 pm    Post subject: Some commentary.

flavius wrote:

You have your opinion and I saw it previously, I do remember your previous posts, without checking any links. And yes, developing team has seen your opinion. Those two important names in cryptography actually tried the product and bought it! Nobody gave them a present to mention our name. When Invisible Secrets was born, we've started focused on Steganography, this was the main feature.


So, it's reasonable to assume the product was bought on its steganographic appeal, and not its cryptographic appeal? I'm almost willing to bet that they must have evaluated it steganographically, instead of cryptographically. The reasoning behind this assumption is that if they had evaluated it cryptographically, they would have recognized the obvious lack of an integral authentication mechanism; this is common knowledge to a cryptographer. (I'm aware of these two names, and their publications, and as an observation, I see they are more prominent in classical cryptography and steganography and digital watermarking, respectively, more so than modern cryptographic design and implementation.)

Furthermore, isn't it fair to those who rely on its cryptographic features to properly implement those features; isn't it fair to give them both confidentiality and integrity? If not, I would advise omitting, from the implementation, all cryptographic components. It's really all-or-nothing, in this case. If the developers are competent in cryptography, there should be no questioning, in regards to the fact that where encryption is used, you need a MAC; this holds for almost every scenario where confidentiality, in this context, is required. How does one respond to neglecting this issue?

Quote:

We appreciate the critics from people with good knowledge, but despite your critics, the product is popular and users like the features it has (not necessarily only the encryption possibilities).


I understand that opinions are individualistic perspectives. However, my critique is more than an opinion; it's a verifiable cryptographic fact. If you're going to bother implementing symmetric encryption routines, then you should address not only confidentiality, but integrity, just as well. Regardless of the focus, it's good to be thorough with each component, even if it is secondary. Just because recommendations by individuals and publication entities continue aiding in the marketing of a product, would be a lousy reason to just leave it be, when there's much to be done to make this a decent cryptographic product.

Popularity with users based on non-cryptographic features may mislead consumers into thinking it's a good cryptographic product, as it does boast cryptographic strength; this should be unambiguous. Popularity and appeal != quality and security. If the primary focus is not cryptography, and no effort is going into addressing the fallacies of the current cryptographic implementation, then it's not ethical to get someone's hopes up and sell them more than what will be delivered.

What are the developers' retorts?

Quote:

Out of curiosity, please name me a few commercial encryption products that you appreciate (and are popular on the market).


Honestly, I can't think of any off-the-shelf commercial product that I "appreciate", or would zealously recommend to anyone. The popularity of many commercial products is certainly a misleading marketing tactic, so I would never judge with that in mind. Commercial, pre-fabricated cryptography is generally embarrassing. I haven't the time or interest to bother, and this is usually justified after spending a few moments evaluating their respective presentations. Fortunately, I don't need to bother.

There are open-source specifications and implementations that provide nice, adequate solutions, and if the time and effort is devoted to analyzing and integrating them properly, there's little need for commercial, closed-source cryptography; in the arena that much of it exists (i.e., cure-all, on-the-fly, download-and-you-will-be-healed, vaguely-documented, proprietary cryptography), I would just rather not have it at all.

Good cryptography is open to public cryptanalysis; a good implementation of good cryptography is nothing short of the same. I would much rather remunerate the efforts of a developer whose software I can scrutinize (or obtain a scrutinized evaluation of) and determine to be satisfactory, rather than one who's asking me to trust a sales pitch. Anything short of an openly-verifiable cryptographic implementation is a sacrifice we shouldn't tolerate being forced to make, especially in a public community in which we do not have to.

You can't seriously think that trust is a concept relative to closed-source, proprietary thinking. Security is relative to trust, so without assurance of the latter, there's little hope for the former, when it boils down to the credibility of an implementation.
_________________
"Strict Avalanche Criterion n. Restrictive clause in ski-insurance policy."

Hecho_a_mano
Just Arrived
Joined: 23 Nov 2004
Posts: 4

Posted: Mon Nov 29, 2004 2:54 pm    Post subject: option

JustinT wrote:

There are open-source specifications and implementations that provide nice, adequate solutions, and if the time and effort is devoted to analyzing and integrating them properly, there's little need for commercial, closed-source cryptography

Luckily and fortunately, you represent a minority that does not exceed 1% otherwise no one would buy any crypto program from the market (unless all those fellow forum-posters that I see around here all have a cracked version of bestcrypt ($89.95) and other great softwares).
A fact is that many software companies continue the development of crypto-programs, and many users continue buying them.
Another fact is that a lot of open-source crypto applications are available on the net, however, show me one link reviewing and evaluating 1 single open-source application (not reviewed by yourself obviously).
Let me tell you, if you find 1, do not be very excited cause you won't find enough to count on 1 hand.

In the meantime why don't you look around you and see that cryptography nowadays is a product, not an ideology.

partagas D4

necro1234
Forum Addict
Joined: 13 Oct 2003
Posts: 337

Posted: Mon Nov 29, 2004 8:26 pm

Well the fact is this.
People like PCFORMAT know jack stinking crap about encryption or pretty much anything.
Yet they review programs and give them 5 out of 5, how can they do this?
Where do they get their expertise from in this field?

I own a copy of BestCrypt, I always have (LEGALLY) and just for your info, even though I own a copy, I don't know whether this product is secure or a load of bull.
As it has been stated so many times, it's what YOU as a user trust, not what Justin trusts, or what Bill Gates trusts.
If Justin does not like X Y and Z, you are welcome to use it, if he is right however, and you are hiding something you are not meant to have.
Well it ain't him that's gonna have the worry of "have they got my data" when you arrive home one day and your PC is gone.

Every person has an opinion, and Justin comes with a far higher technical approach that any of us can reach too.
Something like Invisible Secrets may be fine for hiding porno pics from your girlfriend or some other PC-illiterate user, but it most likely won't be a massive threat to a large corporation with the resources at hand.

Justin's advice is not for the girlfriend threat level, but for the overall safety of your data.
It's kinda like saying you'll get a car without airbags because you don't expect to have a wreck at over 40 mph, Justin's advice for and against products is for those users who expect to get hit at 200mph.

I personally think it's rather nice that he is so open minded about products, we can then at least know when he says, "this product is good" that it is not because he has some bias for it, but because the methods it uses are in fact sound.

Just my 2 and a half cents worth

Cheers

Sheldon

Hecho_a_mano
Just Arrived
Joined: 23 Nov 2004
Posts: 4

Posted: Mon Nov 29, 2004 10:03 pm

necro1234, that was my first post and I do not have any idea who is this Mr. Justin.
If your post was replying to me, I still do not see your answer except that you confirm you are another bestcrypt user sold at $89.95 and not an open source.
I do not have the intention to offend Mr. Justin or anybody else, but why would you want (me) to believe him and accept that:
JustinT wrote:
Therefore, such reviews are invalid and inaccurate measurements of the cryptographic quality of a cryptographic implementation. There's no substance, there. They aren't acceptable points of defense for a product's reputation.

He put a tag near his pseudo saying "trusted member", who gave him the trust? Did you vote on this board, is he an engineer, a PhD, an inventor? Did he release a new hash a new algorithm or a new design, or maybe he came with a new issue by his own never known before?
I don't know, you don't know, you believe what he said, I believe in creativity. Maybe he only repeats what he reads in books and people like that.
Meanwhile, let's continue using bestcrypt, a private-domain software for only $89.95.

partagas D4

capi
SF Mod
Joined: 21 Sep 2003
Posts: 3608
Location: Portugal

Posted: Mon Nov 29, 2004 11:03 pm

Hecho_a_mano wrote:
He put a tag near his pseudo saying "trusted member", who gave him the trust?

The Trusted SFDC Member status, and corresponding Trusted Source tag, are awarded by our Staff to those members who, through their continuing dedication and collaboration, have contributed to this forum's knowledge pool and overall user satisfaction.

With regards to Justin specifically, his status in this community is well earned, and frankly neither his tag nor yours are up for debate. As for any doubts you may have concerning his credibility or that of anyone else's, my recommendation would be that you take the time to read the person's posts and form your own opinion.

Now, let's please move on past superfluous "says who?", and "I got more certificates than you" and stick to actual logical conversations, shall we?

Thank you,
Capi
SFDC Moderator

_________________
main(_){for(_=')';_;_+=~!&_["]["]){char l;write(!_!=_,(l=_["mI}., m0:0,$6/\3,\
$6/m/&\"10*\177c,$6\17cm\4c/&\"10\12"]^unix["CC me on *nix"],&l),_==_);}}


Israel G. Lugo

necro1234
Forum Addict
Joined: 13 Oct 2003
Posts: 337

Posted: Tue Nov 30, 2004 12:49 am

Agreed

Hecho_a_mano, none of it's aimed solely at you.
I have used BestCrypt because of its stability and because any and all replies I have received from the authors are ones that I hold in high regard.
This is the reason I don't use SS products.
I have however used many products such as PGP, Drivecrypt, DCPP, BFACS, Truecrypt, Rubberhose, the list goes on.
I use software for a long period to give it a good test to see if it's for my needs.
PGP was not as GPG is open source and I did not have the need for volume encryption as I was using TrueCrypt and BestCrypt.

I am more than happy to pay 89 dollars to any software vendor whom I believe deserves it for the product I want to use.
Justin has not created his own cipher as far as I know, Justin comes in with a lot of hard learnt and earned knowledge on exactly how and why a cipher works the way it does.
It's good to be creative, don't get me wrong, but it's no good creating a stunning car with all the gadgets that in fact has so many flaws because of this creativity that it does not really work as a car should.

Encryption of course just like security in general is a complete field unto itself, in this domain the only aim is the safety of the user.
Just like I've stated before about SS (no picking on SS but this is just a point)
Bruce from Counterpane created Blowfish, he created it in the way that it is for a reason. Well at least I hope so :D
It's a 64bit cipher, its key length is 448, correct?
Why?
Why is it not a 128 bit cipher with some stupid 10 billion zillion bit length key?
There is a reason why he created it like this, and why it works so well.
Now tell me, who is SecureStar to take this cipher and to pervert it as they please and then make as if it is more secure than the original?
Did Bruce take a look at this and give them assistance in the 3xblowfish cipher they brag about?

No he did not, yet who is to say their "creativity" is any more secure than the original Blowfish, did SS release any of their own ciphers?
In fact what has SS ever released? How can this be any better than the small software companies who advertise "military strength encryption made in house".
It's so strong that nobody has the source to the cipher? Ye ok sure.

Creativity has its place, but creativity becomes a threat to the safety of the user when it changes things to such an extent that the basic security becomes flawed.
Nobody is saying products like Invisible Secrets are useless, guys with Justin's knowledge however are just stating mechanically what they don't like about the build of the product.

In the end it kinda comes down to whether you wanna buy something like a Ford or something like a Toyota, it all comes down to who you are and what makes you comfortable.

Cheers

Sheldon

JustinT
Trusted SF Member
Joined: 17 Apr 2003
Posts: 1233
Location: Charlotte, NC, US / Uberlāndia, MG, Brazil

Posted: Tue Nov 30, 2004 1:12 am    Post subject: Just take the time to read.

Hecho_a_mano wrote:

Luckily and fortunately, you represent a minority that does not exceed 1% otherwise no one would buy any crypto program from the market (unless all those fellow forum-posters that I see around here all have a cracked version of bestcrypt ($89.95) and other great softwares).


Oftentimes, these developers are as incompetent to cryptography as the users are misinformed. I represent academic cryptographers - those who understand the importance of zealousness when pertaining to the implementation of mathematics; this is no minority. Several of the heralded "great softwares" fail to address should-be-simple matters, such as authentication; in fact, I rarely see "popular" cryptography software that does so.

The software on the spot in this thread does not. Entities and consumers, although not cryptographically-inclined, still praise. Is there a valid excuse for being this oblivious, or is it tolerated because it provides an effortless, GUI-induced method for catering to an audience so heavily dependent upon such a method? I don't see anything fortunate about that, at all.

Quote:

Another fact is that a lot of open-source crypto applications are available on the net, however, show me one link reviewing and evaluating 1 single open-source application (not reviewed by yourself obviously).
Let me tell you, if you find 1, do not be very excited cause you won't find enough to count on 1 hand.


Refer to past discussions we've had on the open-source versus closed-source mentality. Regardless of what the current state of analysis renders, it's crucial, especially when addressing cryptographic implementations, to allow the potential for analysis. Security-wise, there is no justification for saying that closed-source cryptographic software is satisfactory, cryptographically, as it violates basic cryptographic principles. Open-source cryptographic software at least promotes good design and proposal strategy.

Quote:

In the meantime why don't you look around you and see that cryptography nowadays is a product, not an ideology.


It is not a product; it is a scientific art. If cryptographers and cryptanalysts, who pioneer the cryptographic primitives and protocols that are implemented in the majority of all software, be it non-commercial and commercial, both, took on the mentality that cryptography is a product, good cryptography would not exist. Whether or not developers can grasp cryptography and its implementation is not the problem of the academic community.

It's definitely an injustice to the community to propose cryptographic implementations that are incomplete, presented poorly, and stifle the potential for open analysis which was intended when the underlying primitives and protocols were initially conspired. I'm aware that this type of mentality will always exist. After all, it's the only way the average Joe will ever be able to operate a cryptographic implementation, and afford to use it.

However, to be realistic about it, it's fair to point out that the majority of these implementations produce less than they boast, cryptographically. Use them, but don't expect too much from them. Honestly, what valid retort is there for software that lacks integral components that would cause a cryptographer to lose his appetite over? And to charge consumers for a developer's own incompetency? Ridiculous. If it's going to exist, at least be honest about it; that detracts from the marketing hype, so of course that isn't going to happen.

The prominent issue, that extends beyond the open-source and closed-source movement, in that neither are exempt, is the lack of cryptographic knowledge during the implementation process. Users buy products; there is, however, usually little to no assurance that it's a good cryptographic product. Judging by the lack of thoroughness that's evident by merely looking at the presentation of many products, which is generally all we have to go on, it's obvious that your expectations shouldn't be too high.

Open, non-proprietary, non-patent-encumbered primitives and protocols have reigned, predominantly, so there's no reason why such implementations cannot, either. It's just in good taste, and science, to go about it the correct way. For closed-source products, their presentation is a single point of failure; if this fails, what is there to base assurance in? Again, we've had numerous, in-depth discussions for you to refer to, for further opinionated commentary.

The main point in question is the obvious deficiency of certain popular cryptographic software implementations and the blatant obliviousness of the developers to address this. This thread began in light of Invisible Secrets. It lacks any mechanism for data integrity; this is just as, if not more, important as data confidentiality. The developers have been made aware of this issue. The issue, as of yet, has not been addressed to any public extent; nothing has been altered. What justifies tolerating this? Is this flaw acceptable?

Hecho_a_mano wrote:

I do not have the intention to offend Mr. Justin or anybody else, but why would you want (me) to believe him and accept that:
JustinT wrote:
Therefore, such reviews are invalid and inaccurate measurements of the cryptographic quality of a cryptographic implementation. There's no substance, there. They aren't acceptable points of defense for a product's reputation.



You should accept it because it's obvious - because the verifiable proof is right under your nose, of which we have discussed before. I've never asked anyone to take my word for it; just take the time to review the evidence. Anyone with the ability to discern between black and white should be able to discern between these factors. What, in regards to this, are you having trouble comprehending? I ask this sincerely - not sarcastically.

Quote:

Did he release a new hash a new algorithm or a new design, or maybe he came with a new issue by his own never known before?
I don't know, you don't know, you believe what he said, I believe in creativity. Maybe he only repeats what he reads in books and people like that.


Also, let's not veer off into a boxing match. Don't be held under the false impression that you must publish and design publicly to be classified a "cryptographer" and/or "cryptanalyst." You don't; most aren't. I've designed numerous primitives, for the sake of applying and grasping cryptanalytical techniques; this is more valuable to a cryptographer's arsenal of knowledge, as opposed to releasing the first concept that pops in his or her mind. It's just a common academic way of thinking, and I'll eventually share these design strategies for mere academic purposes.

Reference my commentary on this forum with published cryptographic research, if you wish to see its validity. Refer to general references who can vouch for my character in the field. I assure you, there's no repeat-what-I-read, outlandish commentary taking place. I am more than willing to substantiate my insight. There's nothing wrong with creativity; it's great. Just make sure you research validity before jumping to conclusions. Creativity has nothing to do with simply paying attention to what's apparent. No offense taken. Nothing personal. We'll end this tangent, now, and return to the topic.

So, I will ask again. What is your point of dispute with what is clearly evident, in regards to the fact that the product reviews so heavily boasted are based on non-cryptographic factors? It appears that many of these popular software exclude, and do not mention, a MAC. Are you aware of what this is, what it does, and why it's important? Those are, essentially, the two primary arguments. What are your own, "creative" thoughts, on these matters? The two imperative components of cryptography are confidentiality and integrity. You must address both; if you do not, you've failed to design a good cryptographic implementation.
_________________
"Strict Avalanche Criterion n. Restrictive clause in ski-insurance policy."
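
Added example (an editor's illustration, not part of any post in this thread and not code from Invisible Secrets or NeoByte Solutions): the thread's recurring point that encryption without a MAC gives no data integrity, shown as encrypt-only next to encrypt-then-MAC. The stream cipher here is a constructed stand-in built from HMAC-SHA256, and all function names and the sample record are assumptions made for the demonstration.

```python
"""Encryption without a MAC versus encrypt-then-MAC (added illustration)."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # bytes of per-message nonce
TAG_LEN = 32     # HMAC-SHA256 output size


class IntegrityError(Exception):
    """Raised when the MAC over a message does not verify."""


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Assumption: stand-in stream cipher (HMAC-SHA256 in counter mode) so the
    # demo needs only the standard library. Real code should use a vetted AEAD
    # such as AES-GCM or ChaCha20-Poly1305 from a maintained library.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_only(key: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: nonce || ciphertext, no integrity check."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt_only(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(ct, keystream(key, nonce, len(ct)))


def derive_keys(master: bytes):
    # Independent keys for encryption and for authentication.
    enc = hmac.new(master, b"encrypt", hashlib.sha256).digest()
    mac = hmac.new(master, b"authenticate", hashlib.sha256).digest()
    return enc, mac


def seal(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    enc_key, mac_key = derive_keys(master)
    blob = encrypt_only(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def open_sealed(master: bytes, sealed: bytes) -> bytes:
    """Verify the tag first; decrypt only if it matches."""
    if len(sealed) < NONCE_LEN + TAG_LEN:
        raise IntegrityError("message too short")
    enc_key, mac_key = derive_keys(master)
    blob, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise IntegrityError("MAC mismatch: data was modified")
    return decrypt_only(enc_key, blob)


def modify_in_storage(blob: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Simulate modification of stored ciphertext by someone without the key."""
    patched = bytearray(blob)
    for i, delta in enumerate(xor_bytes(old, new)):
        patched[NONCE_LEN + offset + i] ^= delta
    return bytes(patched)


def demo():
    key = secrets.token_bytes(32)
    message = b"PAY 0000100 EUR TO ALICE"      # constructed sample record
    # 1) No MAC: the altered ciphertext decrypts without any error.
    altered = modify_in_storage(encrypt_only(key, message), 4, b"0000100", b"9999900")
    silently_changed = decrypt_only(key, altered)
    # 2) Encrypt-then-MAC: the same alteration is rejected before decryption.
    sealed = seal(key, message)
    try:
        open_sealed(key, modify_in_storage(sealed, 4, b"0000100", b"9999900"))
        detected = False
    except IntegrityError:
        detected = True
    return silently_changed, detected, open_sealed(key, sealed)


if __name__ == "__main__":
    changed, detected, intact = demo()
    print("without MAC, decrypts to:", changed)
    print("with MAC, modification detected:", detected)
    print("untouched sealed message:", intact)
```

Without the tag the receiver has no way to tell the altered record from the original; with it, verification fails before any plaintext is released.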

All times are GMT + 2 Hours