Encryption strength?

Discussion in 'Other Ghost Security Software' started by ArchAngel_8, Jan 5, 2004.

Thread Status:
Not open for further replies.
  1. ArchAngel_8

    ArchAngel_8 Registered Member

    Joined:
    Dec 25, 2003
    Posts:
    89
    Location:
    US
    Hey... All

    Just this past weekend I purchased the "Action Pack" from DiamondCS and I definitally will be getting CS soon! I read through many of the threads, as well as some links to sites explaining basic encryption techniqes. It has been said that encryption programs/techniqes must be approved for distribution outside of there respective countries of origin and in some cases being "watered Down" because the country of origin aperentally feels the encryption method is "too Strong". The US was mentioned as one of the countries that does this often. Anyway, in one of the threads, I think it was Jason, said that CS had to be approved By the Government to be exported. So I guess my question is....
    Is any encryption software really that good if "goverments" are dictating wether or not it may be exported and if so, wether it must be "watered down" to make it exportable? I'm sure CS will be fine for my personal info, ect.. but I was just curious if the average "Government" could break CS? I am a Dunce at computeres and I know even less regarding Cryptogrophy.. so please eccuse any wrong or inacurate portions of my post. :rolleyes:
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    There is an international agreement (Wassenaar), and there are a few countries to which such encryption software can't be shipped legally. So it must be too good at least :)
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    As far as we know the encryption within CS cannot be broken.
    Most countries that are party to the International agreement have other ways of breaking the codes & these are legal methods i.e. not by breaking the encryption. Such as in the UK where a Government agency(s) can demand the encryption keys & passwords from the user with the threat of a jail sentence if they do not comply. I believe the US has similar "arrangements" :)
     
  4. ArchAngel_8

    ArchAngel_8 Registered Member

    Joined:
    Dec 25, 2003
    Posts:
    89
    Location:
    US
    Yes... My Country apears to be the leader in controling "things" even though I or anyone for that matter, could buy various drugs&or Guns on many a street corner..lol :'(
    I just found it kinda like cheeting if "Governments" could demand certain software or the lessening of certain software to protect their own interest. I must add, that I did/nor do I mean to start a, what certainally is an "endless" political disscussion, but onley to understand the aspects of what seems to be "CONTROLED" Cryptogrophy! :rolleyes:
    One other point/question would be the ability to "delete" to DOD Standards...? Is that regulated or is it probable that "Governments" have a Monopoly on that ability Too? As I said I still will purchase CS because of the DiamondCS reputation.. but i love to "understand" things that are Alien to me....! :p
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Experts will argue forever on this one!

    Governments set internal standards but CS can do that and more ;)

    From the CS Help file: >

    Standards have been developed by differing countries on exactly how many passes need to be done to securely remove data from a hard drive, CryptoSuite exceeds all these standards to ensure proper file deletion.
    CryptoSuite's secure deletion algorithm consists of 5 wipes for each pass. The number of passes can be specified by the user when performing secure deletion.

    Wipe 1 :- Fill with 0x00.
    Wipe 2 :- Fill with either 0x55 or 0xAA. Randomly chosen which one to fill with.
    Wipe 3 :- Fill with 0x55 if pass 2 was filled with 0xAA otherwise fill with 0xAA.
    Wipe 4 :- Fill with 0xFF.
    Wipe 5 :- Fill with random data.

    The filename for the file is then overwritten 100 times with random characters. This ensures that the file data and filename cannot be recovered.
     
  6. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi ArchAngel, our government requires that everyone who exports cryptographic products "notifies" them that they are doing so. This is so they can tell these people not to export to the terrorist countries. Most countries now do the same, as Jooske said under the Wassenaar agreement.

    As one of the strange things of the world, near all countries allow the IMPORT of any cryptographic product, but most restrict the export. This is to stop the "so called" terrorist countries from gaining access to high strength cryptographic products that the governments cannot break. The fact that there are a few countries with extremely lax or no export controls means these terrorist countries can either compile or download products already off the internet, hence making the fact we do any export control almost irrelevant.

    Some countries (like the USA) in the past have "watered" down the strength of the products that have been exported, so whilst the strength of the product in the home country can be "full" as soon as someone from outside the country uses it or downloads it, it is weakened. I am pretty sure now (even though I havn't exported a product from the USA so I cannot be 100% sure) that USA allows export of strong crypto products as long as they notify the government.

    Finally, there is no way I would release CryptoSuite with any sort of weakness in it. If the government demanded I did, then we would have to resort to other methods to get the product out there, and there are many ways to get around crypto export laws, legally. The fact that our government has or had no influence over our product is 100% always guaranteed by DiamondCS.

    -Jason-

     
  7. ArchAngel_8

    ArchAngel_8 Registered Member

    Joined:
    Dec 25, 2003
    Posts:
    89
    Location:
    US
    :cool: Hey Jason..... Happy New Year!

    That clears up a lot with regards to the import/export stuff! thanks. And please, I hope you did not think I was "ragging" on CS! I have dowloaded the trial and will get the full version as soon as my "software" fund will support it..LOL! Its just linda interesting how that stuff works.... One thing, You may have already addressed but, ...
    If isomeone was to obtain a particular type of crypto, from a Host country, couldn't they just send it or transfere it to the Bad guys.. or did I miss some aspect of the transfere/export proccess? Kinda like file sharing or somthing... or software piracy? Anyway.. I am sure CS will help me protect myself from the "bad guys" atleast! :D
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    I didn't think you were "ragging" on CS :) . Yes the Government knows it can't properly "control" the internet to stop people illegally buying goods (either with a stolen CC or through another person). It's one of those things which in my mind is "stupid". You could probably say this about a lot of the things most governments do because they are very generalized and don't really change to suit specific instances.

    So can terrorists get any crypto they want with little work? Yes. Is what our Governments doing helping to stop this? No. :) .

    -Jason-
     
Thread Status:
Not open for further replies.