M.Wagoner (1) writes:
We would like someone to be able or should I say try and crack our encryption. IT IS IMPOSSIBLE.
Our Web site is http://www.sfmc.com Phone number is 1-800-252-9938.
Randy Estridge SafE Mail Corporation
I checked the web site, and found the following snake oil aroma (caused largely by the idiotic commentary and the word "proprietary" on the encryption algorithm...) ------ * SafE Mail utilizes a short 22 character Public Key which I realize is "great" for key exchange. Does this short Public Key the encription code vulnerable to attack? No! The Public Key is generated by a "One Way Hash Function" when the owner of the software names a private key or passwords. This makes the encryption code secure and not vulnerable to attack by unautorized individuals. [Perry's comments: 1) personal pet peve -- using quote marks for emphasis. 2) Er, whats this crap? I understand perhaps generating RSA keys off of a passphrase, but that wouldn't help you with key exchange -- your public key is 1024 bits no matter what you do. As for the rest...] [...] * Is Safe Mail really secure? We believe so. Unlike other encryption software, SafE Mail, through its proprietary encryption algorithm, leaves neither a backdoor nor a master key for any third party decryption of an encrypted file. To achieve extra security, SafE Mail allows an unlimited number of multiple encryptions without corrupting the original file. The output encrypted file bears no hint to the size or type of the original file [Perry's comments: Yeah, like PGP has a back door or anything, or like it prevents superencipherment, or like it leaks what your file was...] ------- Having read the web site, the thing looks like it offers no advantage at all over PGP and that it might be a piece of junk. I say stick with whats known to be good and is free. PGP's price is certainly right, especially when you consider what crap the "commercial" stuff like this usually is. Oh, and to the folks at Safe Mail: I will happily test out the quality of your software for my standard consulting rate. My time is, however, too valuable to waste on stuff like this without being paid. If other people want to have a good time testing your product out, let them feel free. Perry