From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 21 Oct 95 13:52:18 PDT
To: "Dana W. Albrecht" <dwa@corsair.com>
Subject: Re: Challenge: Hack Elementrix!
In-Reply-To: <199510210308.UAA07881@elmos.corsair.com>
Message-ID: <199510211414.KAA12978@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Dana W. Albrecht" writes:
> I think that with all the recent attention to Netscape and Microsoft that
> another target has been altogether overlooked:  Elementrix POTP <spit>.

Indeed. I think it is very important that someone out there embarass
these guys. They are truly a frighteningly bad bunch -- totally
ignorant, it seems, of cryptography, and arrogant to boot. Breaking
their software would probably have the good result of keeping people
from being hurt by them, and might even convince them to sell good
stuff in the future instead of snake-oil. If I had the time to
hack their stuff I'd do it myself, but I'm willing to contribute the
cost of a prize T-Shirt for the person who successfully breaks
them. (By the way, Sameer keeps doing end runs around me and paying
for prizes -- no fair! I want to spend some of my money
occassionally!)

> > 1. Breathless, overhyped language ("revolutionary", "breakthrough", etc)
> > 
> > 2. Clear misstatements of well-established theoretical principles
> > (the discussion of the one-time pad)

Yup.

> While Elementrix has failed to provide any detailed technical information
> (specifications, source code, etc.) this is not entirely out of reach.
> 
> You can obtain an evaluation copy of their "secure" FTP client from
> ftp://ftp.elementrix.co.il/pub/secftp/
> 
> This appears to be a binary for Microsoft Windoze.

Doesn't sound like it would be too hard to hack. Gentlemen, start your
microprocessors!

Perry