The Vault - File Encryption

Re: The Vault - Hide your Files

Yes, there is. An encryption software should never rely on a key generated by the program itself. The encryption algorithm's strength, it's flawless implementation and the strength of user passphrase is what protects user's file, not hiding part of the key inside application code. You should think like this: even if you will publish full source code of your program, the strength of the protection your app is offering should remain the same as in the close source case.

 

Re: The Vault - Hide your Files

The program generated key was just an additional key, which was used in combination with the user provided key.

 

Re: The Vault - Hide your Files

The encryption algorithm is fine, of course, since experienced cryptographers have elaborated it and the encryption community has been analyzing it for many years. What might not be fine (and it WILL NOT BE FINE without an extensive planning of the security aspects) will be the implementation of the algorithm. Encryption is the easy part of an encryption software.

Once again, and for the last time, all I can say is that writing a software for security needs experience in security. Like building a wooden table needs experience in carpentry.

 

Re: The Vault - Hide your Files

Once again, I'm sorry to tell you, but this provides no additional security. Please understand that writing security software has some principles, it's not like you would program a notepad replacement. Or course, nobody forces you to obey these principles, but if you don't want to do that, the program you write might prove to be useless from a security point of view.

 

Re: The Vault - Hide your Files

I have decided to stop any further development of this project. People seem not to like the idea, or they are JUST focused on TrueCrypt, and nothing else has a place in their world.

Thanks to the handful of people who supported the project!

I will concentrate on enhancements for my Alternate Data Streams Scan Engine in the meantime.

 

Re: The Vault - Hide your Files

Don't give up your project because of the disgraceful bullying that has gone on in this thread. Who do these people think they are?
Arriving at the forum with enthusiasm and open arms you have been treated very badly.

 

Re: The Vault - Hide your Files

I really wish you wouldn't do that. I am really looking forward to trying the new version, the ones that uses tree views. I am upset to when people make comments that are negative with no specifics or without any ideas what should be done to change it; specifically how to implement those changes. Wilders is a learning community after all, is it not?

Please continue development, just don't post about it here. People here are obviously not interested in helping you make this project better. They can point out flaws but are in no way helpful in resolving those flaws.

Please check your PM box.

 

Re: The Vault - Hide your Files

I too was looking forward to the new version...

 

Re: The Vault - Hide your Files

Nobody here was "bullying." There were honest comments and criticisms to an unusual "write an encryption application on-the-fly" thread posted days after starting...and all done on a public forum!

The commitment couldn't be too strong if a few comments (from literally 4 or 5 people) could stop softtouch from developing his application all together. However, I think the idea of "education first" before writing a new encryption program is wise.

 

Re: The Vault - Hide your Files

In my opinion, there was a very aggressive,"sneary", dismissive tone used on some of the posts which I regard as bullying and very bad mannered.
I for one am glad that software like this can be debated and developed on a public forum, It is made out here as some sort of crime. Many "security" softwares and concepts of various kinds have arrived at the forum in a raw and unrefined state. It allows members to keep in touch with software developments and developers and open discussion and user input has improved some of these softwares immeasurably.
Secrecy, snobbery and elitism often makes for "wooden" "distant" software with developers and users and potential users completely out of touch.

 

Re: The Vault - Hide your Files

Sorry to strongly disagree, but as someone who watched from the sidelines, what you saw was the voice of reality asking some needed hard questions.

• If you're in the process of developing a solution - either free or paid - and are apparently completely unaware of the primary competition out there, there's something amiss. It speaks to a lack of attention to detail. That is something that is critical in this type of application in particular. Encryption lives and dies on details.
• If you go through the thread, key design decisions were being made on-the-fly based on casual comments provided in a non-expert venue. In other words, there was apparently no project plan, no detailed design specifications, no work breakdown structure. I don't know how many of you have ever had to drive a simple or complex project - but this is a recipe to hit a brick wall.
• Enthusiasm is great, but it is no replacement for a rational and well conceived plan that has undergone at least a bit of a reality check.

Blue

 

Re: The Vault - Hide your Files

1. it was not made as a security application in the term of "protecting perfectly sensitive documents". It was made, as I mentioned, for me to quickly encrypt some files to keep them away from other people.

2. you cannot make it right for everybody. Some people like it as it is and are satisfied with what it does.

3. It was portable, what many "security applications" are not. But because of this, it has restrictions.

4. Do people expect a perfect program after a couple of days, considered I am doing it alone and not in a crew of programmer? I was hoping to get ideas and feedback, not criticism after just couple of days.
Yes, wilders is a forum related to security, and I expected just to get more hints from the security experts here, but...

Anyway, this project is official on ice now, so people can relax. I will continue working on it, but will not post it here anymore.

You can, if you like, just remove this thread.

 

FYI: It may be worthwhile to recognize a fact well known and demonstrated by psychologists: electronic communication is very ineffective in transmitting emotion. Authors overestimate their ability to convey feelings, and recipients also overestimate their ability to correctly infer emotion (e.g., see here). This phenomenon may explain, in part, why some readers of this thread perceive the posts as “aggressive” while others interpret the same text as authentically and professionally “probing.”