Quick text encryption with ImmediateCrypt

Discussion in 'privacy technology' started by lotuseclat79, Jul 13, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Only problem with that is you have to exchange a key securely beforehand. This is the entire reason public-key schemes were invented back in the 1970's.
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    True. But, it's perfect for couples who are going to be away from one another and can exchange the password on the drive to the airport. It's not high security, but it opens the door to greater use of encryption. That's key. (no pun intended!)
     
  4. giacomodrago

    giacomodrago Registered Member

    Joined:
    Jul 14, 2012
    Posts:
    1
    I'm the author of that small tool.

    Actually, I agree with both of you, chronomatic and LockBox: ImmediateCrypt is a "piece of crap" (no joke) for anyone having some knowledge about PGP or S/MIME stuff. Public key schemes are a thousand times better, and there are several open-source tools which are proven to be effective and have been inspected and reviewed by many talented security experts.

    ImmediateCrypt is just a small piece of code with a funny name built around a good Java cryptography API: you have a text box and a password, you click "encrypt" and you're done. The only advantage is its ease of use, and it can eventually make people curious about security/cryptography issues.

    The only drawback is a false sense of security: passwords may be weak, the computers may be infected (keyloggers, etc...), the password exchange is a very tough task to do and ... the program may have bugs reducing the strength of the algorithms being employed (I never trust the programmer, including myself).
     
  5. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Wow, it's refreshing to see someone who authored a tool like this to admit that schemes that have been peer reviewed by professionals for 20 years are the best route to take. Most people who author crypto tools like this come on here proclaiming that their proprietary closed-source tool is better than GnuPG or Truecrypt. One poster on here even claims to have invented his own crypto algorithm which is "stronger than AES." A lot of people fall for snake oil such as this.

    This is not to say your tool is bad or implemented incorrectly, but I always warn people on these forums to use well vetted and peer reviewed crypto solutions.

    Yes, I see this as being beneficial. And I respect your candor and your reasoning behind writing such a tool.

    Yep. Even the best programmers make mistakes, and even one tiny mistake can break an entire crypto system. This is why it is best not to rely on any solution for real security unless it has been out in the open for years under close scrutiny.

    Your tool does have uses and I hope it does draw more people into thinking about using crypto on a regular basis.
     
Loading...
Thread Status:
Not open for further replies.