!! Point 'n Crypt -- Win95 Privacy for Everyone !!
Walt Armour
walt at blarg.net
Fri Dec 13 22:43:29 PST 1996
There is no arguing that 40 bits is strong security. I agree with that.
But we (Soundcode, and anyone else in the business of crypto) have to also
look at things from the standpoint of market share and market size.
Exportability directly affects market size and weighs in fairly heavily.
(Which is why ITAR (oops, Commerce) restrictions bite). Which is why the
current offering is 40 bits.
As for security, the current release of PnC is primarily targetting
privacy, not security. They are two very similar but different approaches.
40 bits is sufficient to encrypt files and keep them away from friends,
family and coworkers (unless you work at the NSA). The point of Point 'n
Crypt is to attempt to make encryption technology easily useable and
widespread. If anything you have is of such a nature that 40 bits isn't
enough protection then by all means don't use PnC (at least not this
version :).
As for your final point, I agree, some people are stupid. But part of the
purpose of being a cypherpunk (and SoundCode) is to educate those that can
be educated. Sometimes education just has to take pretty small steps...
later,
walt
----------
From: Matthew Ghio[SMTP:ghio at myriad.alias.net]
Sent: Friday, December 13, 1996 4:49 PM
To: walt at blarg.net
Cc: cypherpunks at toad.com
Subject: Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
walt at blarg.net (Walt Armour) wrote:
> Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases,
> and conforms to PKCS #5 and PKCS #7.
40bit encryption isn't much security at all. If you've got something
important enough to encrypt, then it's important enough to find a proper
encryption program. Why would anyone buy this shit?
(That's a rhetorical question, of course; the answer is because some
people are stupid...)
More information about the cypherpunks-legacy
mailing list