If anyone is interested in helping out the gentleman quoted below by ruthlessly savaging :-) his algorithm and assumptions, would you please e-mail me so I can hook you up with him? (He decided not to post to the list directly to avoid the usual signal-to-noise problems. Can't blame him. But I offered to forward along relevant info and queries.)
Is there a way of someone trustworthy to try and break VGP and express an opinion on it's strength or weakness. I can basically describe the encryption approach and the reencryption, number of passes, final conversion to clean text from a binary etc. with you to try to give you some level of comfort without sharing the code. I would also like to have someone competent run it through the paces, and then if it is not worthy, go back to the drawing board.
In short, I appreciate your comments and frankness, and assure you I am interested in your opinion or anyones opinion, and interested in making the system rugged. I agree with your point, and perhaps it sums the whole issue up in one line, and that is that "bad encryption is worse than no encryption". encouraging a false sense of security is not something I want to be part of, I do want to be responsible to others.
-- Bruce Baugh bruce@aracnet.com http://www.aracnet.com/~bruce