Hi guys,

If I could get access to the source, understand all of it fully, and understand how it will act under Win95 with whatever compiler they used, I could probably write my own. So I guess it comes down to trust.

Thanks for the replies.

Bye for now.

-----Original Message-----
From: David Honig [SMTP:honig@otc.net]
Sent: Saturday, January 24, 1998 5:08 AM
To: Pearson Shane; 'William H. Geiger III'
Cc: 'cypherpunks@toad.com'
Subject: RE: FW: Symantec Norton, Your Eyes Only.
At 03:46 PM 1/23/98 +1100, Pearson Shane wrote:
> Hi William,
>
> Many thanks for the reply.
>
> I was hoping it was ok having Blowfish, but I guess it could be their own "efficient" version.
>
> Bye for now.
WHGIII gave you the most conservative answer. That is, in cryptology, the correct answer.
A more detailed analysis would say:
* the Blowfish algorithm is considered strong for various reasons
* IFF the Norton program were written correctly (not just the algorithm implementation, but key hiding, worrying about getting swapped onto disk by the OS, etc.) then it would be a useful tool for security.
* Without examining the source, any assumption of security from using the tool relies *absolutely* on your trust of the implementor.
(In a Turing award paper, Ritchie described how you implicitly must trust your compiler-writers too.. the compiler could have clandestine functions like inserting extra code when it recognizes patterns)
So you see how WHGIII was correct, although for practical purposes (depending on the value of your data and the attackers you anticipate, plus the security of the rest of your system (only as strong as the weakest link)) you may find this tool acceptable in the non-exportable version. Keylength-limited versions are worthless from a security viewpoint.
But on this mailing list, you won't find the yes/no answer you probably want. Which is probably correct behavior for this list.
Cheers,
------------------------------------------------------------
David Honig                   Orbit Technology
honig@otc.net                 Intaanetto Jigyoubu
"The tragedy of Galois is that he could have contributed so much more to mathematics if he'd only spent more time on his marksmanship."