-----BEGIN PGP SIGNED MESSAGE----- Hello privsoft@ix.netcom.com and cypherpunks@toad.com (Cypherpunks Mailing List) and futplex@pseudonym.com (Futplex) F. writes: ...
The cryptographic engine of PrivaSoft
PrivaSoft uses a pseudo-random generator that is seeded by a 9 digit number uniformly normalized from the user's secret key. The engine is proprietary, designed according to the rules of modern cryptology to make the best use of the allowable key length.
This seems paradoxical. PrivaSoft uses a key approximately 30 bits long. It ... Two possible explanations I can imagine are:
(0) PrivaSoft actually uses a key longer than 9 digits, and someone just made ...
Could it be 9 hex digits = 36 bits? Perhaps there's an even bigger paradox in there: " The engine is proprietary, designed according to the rules of modern cryptology. " Now I'm not familiar with the rules cited, but wouldn't proprietary tend to go against them?
[...]
The use of default keys
...
meant to resist attacks based on the cryptanalyst gaining access to many ciphertexts, even if all were encrypted with a single key.
Perhaps theirs isn't? Could be a Freudian slip, you know...
[...]
A simple example: For a short message, increasing the font size of the text by a factor of 10 will significantly increase the time required for breaking the encryption.
Anyone know how to get 120 point text in LaTeX ?
Don't worry, the whole thing sounds bogus anyway. I'd say a larger font would make it *easier* to break (more correlation per pixel). They probably think it'll be harder because there's more pixels. In the original message (NOTE CHANGE IN INDENT!):
From: anonymous@freezone.remailer
...
Introduction
PrivaSoft is a communication security product, and the user is entitled to know how secure it is. This document addresses the question of cryptographic strength of PrivaSoft.
No it doesn't.
Export license regulations
In some advanced countries, cryptographic products are categorized as "munitions" and their use, sale or exportation is controlled by local licensing regulations. PrivaSoft has obtained an export license from the governments of Israel and the USA. Licenses in other countries are obtained ...
All right, I guess it does. USA approved export, so it must be very weak. ...
The basic intention of this regulation is to protect the state from abuse of too strong cryptographic products by terrorists and criminals. ...
Is it? I think there are one or two people on this list who think the intention is otherwise... ...
The use of default keys ... This is done by using the pseudo- random "key extension" feature which is described in the PrivaSoft user's guide.
Do they mean "salt"? If so why don't they say it? If not, what *do* they mean?
The information contents a clear message
This is a strange title (I suspect "of" dropped out), but it might well sum it all up :-)
If a cryptographic product is properly designed, then the almost only way to
A big "if", if I might say so. ...
a significant portion of the page must be reconstructed, and a significant amount of mathematical correlation must be calculated between neighboring areas of the image, before the cracking software can tell whether the candidate key is ...
This can at most buy you a constant factor - useful, but not very. I doubt the two uses of "significant", too. Anybody remember those diagrams in Typing textbooks about the layout of a letter? ...
Customized versions of PrivaSoft
...
The cryptographic engine can be customer-furnished and customer integrated, ...
What do they mean by this bit? Sorry about being so negative, but it is necessary when evaluating security. Jiri - -- If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMIxCPyxV6mvvBgf5AQFTEQP+IJL0X3iehm2B6zJf+eI0EThmxmJpCkbt KhiAw/dTP/Bdy2Io5pFY1YiIUxkfZyS94N6zd6WqCj48UvfNUlp2t3bN8g1kip+T feJJmwwhnzdyuf8m8zgFNcW9lH9143/tqw9l0JDrjpyNp8l39zv+MbH5juAenC40 U7JUExUdcSE= =Fzqp -----END PGP SIGNATURE-----