-----BEGIN PGP SIGNED MESSAGE----- Allow me to quote from your web page: http://www.flagler.com/security.html Quote #1: "The POUCH is a secure e-mail terminal program for IBM compatible computers. It uses a secret key phrase, advanced cryptographic techniques and several unpublished algorithms to protect data in the body of e-mail messages. The key phrase, which can be up to 48 bytes long, is easily remembered and communicated. The POUCH is highly resistant to all known forms of cryptographic attack." Quote #2: "We warrant that the product when delivered to you has no short cuts, covert channels or secret solutions of any kind. No other warranty, either expressed or implied is given." These two statements are contradictory; an unpublished algorithm is itself a secret solution, and a covert channel. Why is it that software manufacturers keep popping up and spewing nonsense? Obscurity is not security. Making the algorithm proprietary does extremely little in making it resistant to attack. All of your statements regarding the security of "The Pouch" are worthless, for you have no data with which to substantiate your claims. If it is any good, there's no way for us to know. But your marketing of the product has every indication that it's nothing more than smoke and mirrors. To coin a phrase, "pseudocrypto." Please refrain from your bogus marketing techniques. This kind of stuff, by claiming to be "real cryptography" makes real cryptographers look bad. - -- C Matthew Curtin MEGASOFT, LLC Director, Security Architecture I speak only for myself. Don't whine to anyone but me about anything I say. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Have you encrypted your data today? iQCVAwUBMhdZaBhyYuO2QvP9AQHaxQP+OvqYc9U/3BTPwnEhL/9ADkzL+ulhILpj 1zbyhktoCB4yMB13WQgm05DM6lolUufo63nkhsX4giMhrQ2XCBeM5/8pxJOD2ThY 3+foxma7e3tUv8r6PjNlnhn2TzVPPgbN+6NdpUCbNtOpG8GsD4EdQ35S+H0Y+aJm 75FfHfaDrNQ= =6Zxy -----END PGP SIGNATURE-----
Hi
"The POUCH is a secure e-mail terminal program for IBM compatible computers. It uses a secret key phrase, advanced cryptographic techniques and several UNPUBLISHED ALGORITHMS to protect data in the body of e-mail messages. The key phrase, which can be up to 48 bytes long, is easily remembered and communicated. The POUCH is highly resistant to all known forms of cryptographic attack." [emphasis mine]
The INSTANT one see's the words "unpublished algorithms" appear in the context of cryptography one knows that snake oil is being purveyed. Resistant to all known forms of cryptographic attack?? Words fail me.
Making the algorithm proprietary does extremely little in making it resistant to attack. All of your statements regarding the security of "The Pouch" are worthless, for you have no data with which to substantiate your claims.
Absolutely.
If it is any good, there's no way for us to know. But your marketing of the product has every indication that it's nothing more than smoke and mirrors. To coin a phrase, "pseudocrypto." Please refrain from your bogus marketing techniques. This kind of stuff, by claiming to be "real cryptography" makes real cryptographers look bad.
Quite right. I'm not a "real cryptographer" myself, however I do feel that many people on this list subscribe to a similar set of values and are equally angered by people who sell snake oil to unsuspecting people. Later Mike
"mattC" == C Matthew Curtin <cmcurtin@research.megasoft.com> writes:
mattC> -----BEGIN PGP SIGNED MESSAGE----- mattC> Allow me to quote from your web page: mattC> http://www.flagler.com/security.html mattC> Quote #1: mattC> "The POUCH is a secure e-mail terminal program for IBM compatible mattC> computers. It uses a secret key phrase, advanced cryptographic mattC> techniques and several unpublished algorithms to protect data in the mattC> body of e-mail messages. The key phrase, which can be up to 48 bytes mattC> long, is easily remembered and communicated. The POUCH is highly mattC> resistant to all known forms of cryptographic attack." mattC> Quote #2: mattC> "We warrant that the product when delivered to you has no short cuts, mattC> covert channels or secret solutions of any kind. No other warranty, mattC> either expressed or implied is given." mattC> If it is any good, there's no way for us to know. But your marketing mattC> of the product has every indication that it's nothing more than smoke mattC> and mirrors. To coin a phrase, "pseudocrypto." To coin a phrase, "pseudocrapto" :-) Jay -- ------------------------------------------------------ James P. Anderson III anderson@optical.bms.com Senior Network Engineer N3JMC Bristol-Myers Squibb Pharmaceutical Research Institute Princeton, NJ 08543 Work: (609)-252-6039
participants (4)
-
anderson@optical.bms.com -
C Matthew Curtin -
dlv@bwalk.dm.com -
Mike van der Merwe