Encryption Software

Discussion in 'privacy technology' started by dallen, Sep 18, 2005.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    StevieO,

    No problem downloading them here with FF.
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Paranoid2000,

    I tested this with TrueCrypt, and you are right. Only one hidden volume can be made per volume. In the attempt to create a second hidden volume, the first hidden volume was overwritten in the format process.
    Of course you can nest regular volumes without limit, so you could put a second volume (containing a hidden volume) within another volume. Not quite the same thing, but it's a start (and it is in windows).

    Thank you for the info and the wise advice.
     
  3. StevieO

    StevieO Guest

  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    LOL,
    Tell me about it. In the not too distant past, I thought all this encryption stuff was just for crooks and spies, not ordinary people. But criminals are actively targetting people regardless of their security knowledge. We need to defend ourselves from these low-lifes because governments are not going to do it for us.

    Never read the book, but it sounds like it would be a fun fantasy read.
    Do you recommend it?
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I am not knowledgeable in the legal area in regards to encryption software. In the US, it is considered a munition and has severe export restrictions. It may be possible that they are blocking your ip address if you are outside the US (or even proxied). Uploading encryption software may be considered the same thing as distributing it and may be illegal here. Sorry, but I'd rather play it safe.
     
  6. justacomment

    justacomment Guest

    Dan Brown's digital fortress? Well it's a fun read, but there are many glaring errors when it comes to technical matters, so I wouldn't recommend learning the basics of "encryption stuff" from it.

    Some of it struck me as wildly impossible or wrong, but what do I know?

    What you mentioned sounds a lot like one of the fantasy ideas in the book.
    So called "rotating cleartext" algothrim with a time invariant function. The idea is to make it immune even to bruteforce. :)
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks JustAComment,

    I've got a lot to learn about encryption but thankfully there are experts and many others here at Wilder's willing to help increase our encryption knowledge level. Threads like this help a great deal.

    Not that it is related to this thread, but for those interested in learning more about encryption, here are some books that may be of interest.
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    So has anyone here used both PGP Home Desktop 9 (the PGP Disk component) and TrueCrypt 3.1a?
    Not counting the Open Source/Closed Source issue, which is better?
    Which is easier to use? (creating mountable volumes, working with them, etc.)
    Can PGP Home Desktop 9 make hidden volumes?
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    justacomment,

    What do you consider to be the best encryption software on the market?
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    102,543
    Location:
    Texas
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Ronjor,

    That's a great link.
    It answers a lot of questions like where to get the free / trial version of PGP, etc.
    I couldn't find anywhere if they have an upgrade from version 8.02.
    Do you think they have an upgrade policy or do you need to buy the new version again?
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    102,543
    Location:
    Texas
  13. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Ronjor. :)
     
  14. JacksonDK3

    JacksonDK3 Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    2
    Hello,

    Has anybody here used DriveCrypt and /or DriveCrypt Plus Pack?
    I saw that DCPP can even encrypt the OS

    If you are intereste you might want to take a look ;) .

    Link removed: Use Google please : Pilli
     
    Last edited by a moderator: Sep 27, 2005
  15. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
  16. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
  17. Andrew Glina

    Andrew Glina Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    14
    Location:
    Hobart (Australia)
    Bruce

    Well, as I say, his opinion on OTP is well known. If you were surprised that he thinks OTP is snake oil then you would have to live on another planet. Thanks for posting this link.

    (Incidently, my program was not the original topic.)
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Re: Bruce

    He doesn't think OTP is snake oil, merely the (faulty) attempts of many vendors to mimic it resulting in an insecure product.
    Well, it is now... :)
     
  19. Andrew Glina

    Andrew Glina Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    14
    Location:
    Hobart (Australia)
    I stand corrected

    Yes, you are right. I worded that wrong. I should have said "If you were surprised that he thinks a OTP program is snake oil then you would have to live on another planet." Here is a quote from his Snake Oil essay;


    "....One-time pads don't make sense for mass-market encryption products. They may work in pencil-and-paper spy scenarios, they may work on the U.S.-Russia teletype hotline, but they don't work for you....."


    He is entitled to his opinion.
     
  20. Mmike

    Mmike Guest

    Re: I stand corrected

    I realy don't understand how can't you see why he is right? I mean, not just because he is The Bruce AllMighty, but just using pure logic?
     
  21. Andrew Glina

    Andrew Glina Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    14
    Location:
    Hobart (Australia)
    Pure Logic

    What "Pure Logic" are you referring to "Mmike"?

    That the files are too big? Not true.

    That it is hard to transfer the keys? True, but that is not a reason to dismiss the technique. Many people use this method (not just users of my software either) for regular EMails with someone that they see at least every six months.

    That is is hard to generate the keys? Not true. If you are using it to encrypt something huge then it is harder, but there are many ways to generate unpredictable files of around 1 MB. One that I have not mentioned is you open several files and cut and paste small sections (only once from each place I might note) from them at random and make one file. This file is 100% unpredictable as a whole, and still largely unpredictable in parts, while still not completely random. If you then test this file (using CryptIt) to ensure that there are no repeated nulls then it is secure for most purposes. Other options include using sections of a BBS generator output, perhaps even doing the same thing.


    While I have not seen "Bruce AllMighty" I think I know where you are coming from. I think you are saying that because he is a respected member of the security community then I should see his opinion as fact. Well, to put it bluntly, I don't. I question everything, and I think you should too.

    But I am not trying to convince anyone of anything. I am just trying to give a balanced debate so that anyone reading this can come to their own opinion. I even plan to link to this thread and Mr. Schneier insults from my site. If you think my software (or even OTP) is flawed then that is your right. But I find it very offensive to be accused of being a con man. and that is what people are saying when they label my software as "Snake Oil". As Mr. Schneier himself says;

    'The term we use for bad cryptography products is "snake oil," which was the turn-of-the-century American term for quack medicine. It brings to mind traveling medicine shows, and hawkers selling their special magic elixir that would cure any ailment you could imagine.'

    I have never claimed that my software is the be-all-and-end-all of security. I just claim that it has it uses and that it does work. Feel free to use it or not. It is a choice.
     
  22. Re: Pure Logic

    Using phrases like "completely unbreakable" on your website doesn't really give that impression, now does it?

    If you don't want to be seen as a con man, you should say something like:

     
  23. Andrew Glina

    Andrew Glina Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    14
    Location:
    Hobart (Australia)
    Randomly Lurking

    Thanks for the tip random lurker, but I think I will leave it the way it is. Your blurb seems a bit negative.

    Besides, I do much the same now already. I have a link at the bottom of the XorIt and CryptIt page labled "Why you should consider using another program...". This then links to my FAQ which explains that Bruce Schneier thinks my program is "Snake Oil" with a link to his blog entry.
     
  24. Well, the link's a bit subtle, and the "#Snake" part doesn't work, and I still feel that your blurb makes a bit too much of the program's capabilities... but as you can probably tell, I'm no advertiser ;-).

    Still, kudos for doing what you have -- and for bonus points, fix the anchors on your FAQ page :).
     
  25. Andrew Glina

    Andrew Glina Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    14
    Location:
    Hobart (Australia)
    Links

    Actually all my links are like that. When I did the last site redesign two years ago I thought it would be "cool" to have grey links with a black roll over. Time for a rethink?

    I do agree that the description of the program does boast a bit about what I think is good about the method... but isn't that the point? I do want people to be intrigued and try the program. But I do say that "...It is argued by some though that this will never happen due to the laws of physics!..." It is not like other companies say in their promo blurb "some feel that this method is risky as a new algorithmic weakness could be discovered tomorrow". I give a long description in the ReadMe about the pros and cons of the method so I feel that I am providing my users with the knowledge (and several links) to decide themselves.

    Thanks for pointing out the FAQ link error (I think I have fixed it) and for the kudos.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.