DriveCrypt Comminucation

Discussion in 'privacy technology' started by zoppe, Oct 19, 2005.

Thread Status:
Not open for further replies.
  1. zoppe

    zoppe Registered Member

    Mar 28, 2005
    A recent email to Securestar produced the following:

    I SENT:

    I keep hearing that DES encryption is not considered secure yet is one of the encryption options within DriveCrypt 3 and 4. Is this true?


    Yes, DES was broken, but there are still some customers who want it. If you want to encrypt a disk or a partition is not necessary to use DES algorithm.
    We offer also this encryption algorithms: AES 256, Triple AES, Blowfish, Triple Blowfish, Tea 16, Tea 32, IDEA, Triple DES, Square and Misty 1.

    I SENT:
    This is very confusing...

    You’ll claim that Drivecrypt has “never been broken”.... which is bold statement... yet you offer, as an optional algorithm, DES which has been broken .... for years. Thus, it is a very real possibility that a customer could purchase this product, use this wide open algorithm (with the unwitting thought that it must be secure if it is offered by such a security conscious organization) only to have it cracked with little budget or effort by even the smallest of organization... thus, don’t look now.... your program has just been compromised or in effect “ it has been broken”. Am I missing something?

    I would recommend that you not offer it as an option or at the lease have a pop-up window if it is selected to caution your customers as to its complete uselessness in terms of security...


    Mr. Richard,

    Our program has never been compromised and never been broken.
    The standard original DES algorithm has been broken, but not a container of DriveCrypt. Today it is widely common that DES is not safe. we should put a note in the software warning about that. Thank you for your comments.

    Can someone explain what they are trying to tell me...specifically...what is the subtle difference between a the “container” and the DES encryption that secures it…or am I all confused?
  2. tuatara

    tuatara Registered Member

    Apr 7, 2004
    The difference is that the algorithm is broken
    but there is no implementation of the same algorithm by DriveCrypt that
    is broken.(according to them).

    So they are saying that you are right, it is unsafe, but that
    their program is not broken yet.

    I think you are completely right, they have to drop that algorithm,
    if they know it CAN be broken.

    But how can they be sure that it is not broken yet?
    perhaps this is done frequently by people which have GOOD reasons
    NOT to reveil this.
    I think this is a very unclever statement !

    It sure can be done, like they say so themselves.

    CONCLUSION: Don't use DES
Thread Status:
Not open for further replies.