heres a version with eighty character lines: ============================================================================ How Secure Can PrivaSoft Be? Introduction PrivaSoft is a communication security product, and the user is entitled to know how secure it is. This document addresses the question of cryptographic strength of PrivaSoft. Export license regulations In some advanced countries, cryptographic products are categorized as "munitions" and their use, sale or exportation is controlled by local licensing regulations. PrivaSoft has obtained an export license from the governments of Israel and the USA. Licenses in other countries are obtained in coordination with the local distributors. The typical policy is to limit the allowable cryptographic strength of commercial products to a level that is strong enough for commercial purposes. The basic intention of this regulation is to protect the state from abuse of too strong cryptographic products by terrorists and criminals. Some countries do not practice such law because it is viewed as a denial of freedom of expression. PrivaSoft willfully complies with these regulations as it is a commercial product, and it is not intended for national security applications with its current key length which is the maximum legally allowable for commercial users. The cryptographic engine of PrivaSoft PrivaSoft uses a pseudo-random generator that is seeded by a 9 digit number uniformly normalized from the user's secret key. The engine is proprietary, designed according to the rules of modern cryptology to make the best use of the allowable key length. Like other dependable cryptographic engines, the structure of the encryption software can be disclosed without compromising the security of the user. However, the coding and specific parameters of the mechanism are considered a trade secret and will be disclosed for the purpose of cryptoanalytic validation when necessary and under an appropriate non-disclosure non- competition agreement. The use of default keys When secret keys or passwords are used by laymen, there is always a conflict between security and convenience: The user tends to use fixed, easily memorized keys again and again, while the cryptoanalyst only waits for an opportunity to see many messages encrypted by the same key. PrivaSoft, being a secure commercial product must live in peace with both - allow the user to use a repetitive, default key, and deny the cryptoanalyst the pleasure of having many messages encrypted by one key. This is done by using the pseudo- random "key extension" feature which is described in the PrivaSoft user's guide. The information contents a clear message If a cryptographic product is properly designed, then the almost only way to crack it is to try all possible keys. If the process is done by a computer, the "cracking"" software must be taught to tell the correct key from the wrong keys. This can only be done if there are some properties of the decrypted message that are known a - priori. With the PrivaSoft analogue graphical encryption, and with the naturally noisy fax images, a significant portion of the page must be reconstructed, and a significant amount of mathematical correlation must be calculated between neighboring areas of the image, before the cracking software can tell whether the candidate key is wrong. This makes the cracking process much slower than in alphanumeric encryption of the text in a natural language. The 9 digit key, when applied to analogue, the graphical encryption is equivalent to a much longer key applied to alphanumeric encryption. The cryptographically oriented user can make it very much harder by some smart pre-processing of the image prior to its encryption. A simple example: For a short message, increasing the font size of the text by a factor of 10 will significantly increase the time required for breaking the encryption. Customized versions of PrivaSoft PrivaSoft is unique in being a one-stop product than can serve all types of modern correspondence, including E-mail, fax and paper printouts. Special applications that need and can obtain a license to use non-commercial cryptographic engines can be accommodated by special versions of PrivaSoft. The cryptographic engine can be customer-furnished and customer integrated, however - since in some areas the integration of this product with certain cryptographic engines may be considered "munitions", each customized version of the product has to be licensed separately in accordance with the laws of the territory where it was created and used. ==========================================================================