|
|
#1
October 19th, 2005, 03:50 PM
|
|||
|
|||
DriveCrypt Comminucation
A recent email to Securestar produced the following:
I SENT: I keep hearing that DES encryption is not considered secure yet is one of the encryption options within DriveCrypt 3 and 4. Is this true? THEY SENT Yes, DES was broken, but there are still some customers who want it. If you want to encrypt a disk or a partition is not necessary to use DES algorithm. We offer also this encryption algorithms: AES 256, Triple AES, Blowfish, Triple Blowfish, Tea 16, Tea 32, IDEA, Triple DES, Square and Misty 1. I SENT: This is very confusing... You’ll claim that Drivecrypt has “never been broken”.... which is bold statement... yet you offer, as an optional algorithm, DES which has been broken .... for years. Thus, it is a very real possibility that a customer could purchase this product, use this wide open algorithm (with the unwitting thought that it must be secure if it is offered by such a security conscious organization) only to have it cracked with little budget or effort by even the smallest of organization... thus, don’t look now.... your program has just been compromised or in effect “ it has been broken”. Am I missing something? I would recommend that you not offer it as an option or at the lease have a pop-up window if it is selected to caution your customers as to its complete uselessness in terms of security... THEY SENT: Mr. Richard, Our program has never been compromised and never been broken. The standard original DES algorithm has been broken, but not a container of DriveCrypt. Today it is widely common that DES is not safe. we should put a note in the software warning about that. Thank you for your comments. Regards, Can someone explain what they are trying to tell me...specifically...what is the subtle difference between a the “container” and the DES encryption that secures it…or am I all confused? |
|
#2
October 19th, 2005, 04:10 PM
|
||||
|
||||
|
Re: DriveCrypt Comminucation
The difference is that the algorithm is broken
but there is no implementation of the same algorithm by DriveCrypt that is broken.(according to them). So they are saying that you are right, it is unsafe, but that their program is not broken yet. I think you are completely right, they have to drop that algorithm, if they know it CAN be broken. But how can they be sure that it is not broken yet? perhaps this is done frequently by people which have GOOD reasons NOT to reveil this. I think this is a very unclever statement ! It sure can be done, like they say so themselves. CONCLUSION: Don't use DES
__________________
This old creature lived here for hundreds of years before those malware creators arrived on the Internet |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
