From: Walt Armour <walt@blarg.net>
Date: Mon, 16 Dec 1996 18:10:11 -0800 (PST)
To: "trei@process.com>
Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Message-ID: <01BBEB7C.60FEBD40@dialup45.blarg.net>
MIME-Version: 1.0
Content-Type: text/plain


Security through obscurity is no security at all.

As for PnC (actually, the scCryptoEngine beneath it), we get the 40 bits 
from the 56 bits by nulling out the high nybble of every other byte.

walt

----------
From: 	Peter Trei[SMTP:trei@process.com]
Sent: 	Monday, December 16, 1996 2:02 AM
To: 	walt@blarg.net; cypherpunks@toad.com
Subject: 	RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!

> From:          Walt Armour <walt@blarg.net>
> To:            "'Matthew Ghio'" <ghio@myriad.alias.net>
> Cc:            "cypherpunks@toad.com" <cypherpunks@toad.com>
> Subject:       RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
> Date:          Fri, 13 Dec 1996 22:30:23 -0800

> There is no arguing that 40 bits is strong security.  I agree with that.
[...]

Would you mind telling us just how you expand the 40 key to the 56
bits needed for DES? (Security through obscurity has a bad rep on
this list). For many  methods of doing so, 40bit DES is NOT
secure against a motivated individual's attack.

Peter Trei
trei@process.com