Urk.. not wanting to start up the "MIME is Evil, ASCII Forever !" thread again, but it would help those of us who have to use MIME-supporting mail programs if you didn't send messages as MIME attachments, pine is too stupid to actually include the attachment in the reply...
How Secure Can PrivaSoft Be?
The typical policy is to limit the allowable cryptographic strength of commercial products to a level that is strong enough for commercial purposes.
Sadly, that's not true. The typical policy is to limit the cryptographic strength to a level that the NSA or a few hackers can break. IMHO 40-bit RC4 doesn't come close to being strong enough for commercial purposes, at least for anything other than trivial messages.
The cryptographic engine of PrivaSoft PrivaSoft uses a pseudo-random generator that is seeded by a 9 digit number uniformly normalized from the user's secret key.
So that's about 30 bits ? Hmm, the computer on my desk kicked butt five years ago, but today it's not much use for anything other than an X-terminal, and slower than my $1500 laptop. Yet when we were cracking SSL, it was searching a 28-bit chunk of keyspace every hour or so merely using the idle cycles. In which case, if it's no harder to detect a correct decryption than SSL, and no slower to decrypt than RC4, I could crack your messages in about 4 hours by myself (of course, from what you've said, it almost certainly *is* harder than that, the question is *how much* harder). Incidentally, how do you intend to distribute these secret keys ? Do you have some kind of RSA layer on top, or do I just have to call everyone I want to send faxes to and ask for their key ?
The 9 digit key, when applied to analogue, the graphical encryption is
What do you mean here ? What's analogue in this system ? You're running it on digital data in a digital computer, right ?
equivalent to a much longer key applied to alphanumeric encryption.
PrivaSoft is unique in being a one-stop product than can serve all types of modern correspondence, including E-mail, fax and paper printouts. ^^^^^^ This seems to be a direct contradiction of what you said above, unless you
Perhaps, but it would have to be at least 1000 times harder merely to make it as secure as RC4-40, which we've already shown to be insecure. plan to send email by creating a bitmap, encrypting the bitmap, and then sending that to the recipient. Some of us don't have T1 links to support that kind of mail... and it won't support, say, sending an executable file or C source code in that message and being able to use it at the other end. It's also hardly unique, as PGP can readily encrypt any kind of digital data, with much better security. Mark