Re: Encryption
Re: Encryption
- Subject: Re: Encryption
- From: Robert Tito <email@hidden>
- Date: Fri, 02 Jan 2004 19:44:02 +0100
On 2-1-2004 19:29, "Kyle Moffett" <email@hidden> wrote:
>
-----BEGIN PGP SIGNED MESSAGE-----
>
Hash: SHA1
>
>
On Jan 01, 2004, at 21:08, Robert Tito wrote:
>
> Hi Shawn
>
> Because our product is registered I cant go into much detail but we use
>
> polymorphic asymmetrical encryption. (with another tag upon which I
>
> cannot
>
> elaborate)
>
> Together that leads to the mathematical chance of 1:10^1256 for a 1 MB
>
> file.
>
>
So you are saying that you won't reveal your algorithm to anyone unless
>
they
>
first purchase a copy of your application? All of the popular
>
security-related
>
algorithms used today (EX: RSA, AES, SHA) are publicly documented and
>
described, yet for any reasonable key length they have not been found
>
to be
>
crackable. I took a short cryptography course recently, and we
>
explored the
>
properties of RSA encryption using primes, and unless you can factor
>
512 bit
>
numbers in any reasonable period of time RSA is unbreakable. That
>
invulnerability can be mathematically proven. I have read many security
>
related books that all state "Security through obscurity is no security
>
at all,"
>
yet many companies seem to focus on complex and convoluted algorithms
>
merely because they seem hard to crack. The books that I have read
>
state
>
that it is unwise to use any form of encryption for which the algorithm
>
is
>
unavailable because "it is a trade secret" or "it would be less
>
secure." Any
>
reasonable algorithm should be able to hold its own just as well even if
>
everybody knows how it works.
>
>
For example, NIST requested submissions of encryption algorithms to be
>
compared for the position of AES (Advanced Encryption Standard) The
>
whole process was public, anyone could review the algorithms on their
>
own to draw their own conclusions. NIST chose the Rijndael algorithm
>
with
>
public support. More info can be found here:
>
>
AES Home Page < http://csrc.nist.gov/CryptoToolkit/aes/ >
>
>
Cheers,
>
Kyle Moffett
>
>
- -----BEGIN GEEK CODE BLOCK-----
>
Version: 3.12
>
GCM/CS/IT/U d- s++: a16 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
>
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
>
PGP? t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r
>
!y?(-)
>
- ------END GEEK CODE BLOCK------
>
>
-----BEGIN PGP SIGNATURE-----
>
Version: GnuPG v1.2.3 (Darwin)
>
>
iD8DBQE/9bh5ag7LSGnFq10RAsfTAKDUeMnwdrd4ugrMAen1BSS7+qaR8ACfRGeJ
>
QfVYvOvPWpND2jJ8plccNbA=
>
=uLU6
>
-----END PGP SIGNATURE-----
>
_______________________________________________
>
cocoa-dev mailing list | email@hidden
>
Help/Unsubscribe/Archives:
>
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
>
Do not post admin requests to the list. They will be ignored.
>
Why should I reveal a commercial product that has been written using a C++
compiler using assembler for the encryption stages, it is NOT GPL, it has
been developed since 1994 and it is NOT based upon any open source license.
So no we will definately not open our toolbox, besides the Dutch
Intelligence will prevent that by all means. I am sorry we have the highest
classification possible, unlike Verisign et. Al.
Rob Tito
email@hidden
email@hidden
++31 - (0)621 - 824722
"The changes we wish to see need to come from within us"
M. Gandhi
3Freedom is not worth having if it doesn't include the freedom to make
mistakes2
M. Ghandi
3Friends are dear, cherish them2
R.P. Tito
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.