RE: FW: Symantec Norton, Your Eyes Only.
Hi William,
Many thanks for the reply.
I was hoping it was ok having Blowfish, but I guess it could be their own "efficient" version.
Bye for now.
-----Original Message-----
From: William H. Geiger III [SMTP:whgiii@invweb.net]
Sent: Friday, January 23, 1998 2:12 PM
To: Pearson Shane
Cc: 'cypherpunks@toad.com'
Subject: Re: FW: Symantec Norton, Your Eyes Only.
-----BEGIN PGP SIGNED MESSAGE-----
In <01ISPY42BHTU00B7O0@hmgwy1.isd.tafensw.edu.au>, on 01/23/98 at 02:56 PM, Pearson Shane <Shane.Pearson@tafensw.edu.au> said:
Anyone?
-----Original Message-----
From: Pearson Shane
Sent: Thursday, January 15, 1998 1:25 PM
To: 'cypherpunks@toad.com'
Subject: Symantec Norton, Your Eyes Only.
Hey all,
Just wondering what people think of this product? Good, bad or ugly?
Is there an international version and a US version?
If so, what limitations are in the international version?
Many thanks...
Is source code available for peer review? NO
Is it US Commercial software? YES
I wouldn't use it to secure an outhouse. No source no trust.
- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
- ---------------------------------------------------------------
Tag-O-Matic: If at first you don't succeed, work for Microsoft.
At 03:46 PM 1/23/98 +1100, Pearson Shane wrote:
Hi William,
Many thanks for the reply.
I was hoping it was ok having Blowfish, but I guess it could be their own "efficient" version.
Bye for now.
WHGIII gave you the most conservative answer. That is, in cryptology, the correct answer. A more detailed analysis would say:
* the Blowfish algorithm is considered strong for various reasons
* IFF the Norton program were written correctly (not just the algorithm implementation, but key hiding, worrying about getting swapped onto disk by the OS, etc.) then it would be a useful tool for security.
* Without examining the source, any assumption of security from using the tool relies *absolutely* on your trust of the implementor. (In a Turing award paper, Ritchie described how you implicitly must trust your compiler-writers too.. the compiler could have clandestine functions like inserting extra code when it recognizes patterns)
So you see how WHGIII was correct, although for practical purposes (depending on the value of your data and the attackers you anticipate, plus the security of the rest of your system (only as strong as the weakest link)) you may find this tool acceptable in the non-exportable version.
Keylength-limited versions are worthless from a security viewpoint.
But on this mailing list, you won't find the yes/no answer you probably want. Which is probably correct behavior for this list.
Cheers,
------------------------------------------------------------
David Honig Orbit Technology
honig@otc.net Intaanetto Jigyoubu
"The tragedy of Galois is that he could have contributed so much more to mathematics if he'd only spent more time on his marksmanship."