From: privsoft@ix.netcom.com (Steve )
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 0ab30de15a0726f5c5a5bc08ec9026f8ae541621cbb1bb198ce49562cd858419
Message ID: <199510191953.MAA29605@ix10.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-10-19 19:54:35 UTC
Raw Date: Thu, 19 Oct 95 12:54:35 PDT
From: privsoft@ix.netcom.com (Steve )
Date: Thu, 19 Oct 95 12:54:35 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: responce to graphic encryption replies
Message-ID: <199510191953.MAA29605@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
find attached the document on PrivaSoft in txt format. Once again if
you have any comments please call or E-mail me.
Steve Orrin
Mgr. Tech Services
*************************************************
PrivaSoft TM *
1877 Springfield Ave PO BOX 600 *
Maplewood NJ 07040-0600 *
Tel. 201-378-8865 Fax. 201-762-3742 *
Http://www.privasoft.com/privasoft *
E-mail: privsoft@ix.netcom.com *
*************************************************
How Secure Can PrivaSoft Be?
Introduction
PrivaSoft is a communication security product, and the user is entitled to know how secure it is. This document addresses the question of cryptographic strength of PrivaSoft.
Export license regulations
In some advanced countries, cryptographic products are categorized as "munitions" and their use, sale or exportation is controlled by local licensing regulations. PrivaSoft has obtained an export license from the governments of Israel and the USA. Licen
ses in other countries are obtained in coordination with the local distributors. The typical policy is to limit the allowable cryptographic strength of commercial products to a level that is strong enough for commercial purposes. The basic intention of
this regulation is to protect the state from abuse of too strong cryptographic products by terrorists and criminals. Some countries do not practice such law because it is viewed as a denial of freedom of expression. PrivaSoft willfully complies with the
se regulations as it is a commercial product, and it is not intended for national security applications with its current key length which is the maximum legally allowable for commercial users.
The cryptographic engine of PrivaSoft
PrivaSoft uses a pseudo-random generator that is seeded by a 9 digit number uniformly normalized from the user's secret key. The engine is proprietary, designed according to the rules of modern cryptology to make the best use of the allowable key length.
Like other dependable cryptographic engines, the structure of the encryption software can be disclosed without compromising the security of the user. However, the coding and specific parameters of the mechanism are considered a trade secret and will be
disclosed for the purpose of cryptoanalytic validation when necessary and under an appropriate non-disclosure non-competition agreement.
The use of default keys
When secret keys or passwords are used by laymen, there is always a conflict between security and convenience: The user tends to use fixed, easily memorized keys again and again, while the cryptoanalyst only waits for an opportunity to see many messages
encrypted by the same key. PrivaSoft, being a secure commercial product must live in peace with both - allow the user to use a repetitive, default key, and deny the cryptoanalyst the pleasure of having many messages encrypted by one key. This is done by
using the pseudo-random "key extension" feature which is described in the PrivaSoft user's guide.
The information contents a clear message
If a cryptographic product is properly designed, then the almost only way to crack it is to try all possible keys. If the process is done by a computer, the "cracking"" software must be taught to tell the correct key from the wrong keys. This can only b
e done if there are some properties of the decrypted message that are known a - priori. With the PrivaSoft analogue graphical encryption, and with the naturally noisy fax images, a significant portion of the page must be reconstructed, and a significant
amount of mathematical correlation must be calculated between neighboring areas of the image, before the cracking software can tell whether the candidate key is wrong. This makes the cracking process much slower than in alphanumeric encryption of the tex
t in a natural language. The 9 digit key, when applied to analogue, the graphical encryption is equivalent to a much longer key applied to alphanumeric encryption. The cryptographically oriented user can make it very much harder by some smart pre-proces
sing of the image prior to its encryption. A simple example: For a short message, increasing the font size of the text by a factor of 10 will significantly increase the time required for breaking the encryption.
Customized versions of PrivaSoft
PrivaSoft is unique in being a one-stop product than can serve all types of modern correspondence, including E-mail, fax and paper printouts. Special applications that need and can obtain a license to use non-commercial cryptographic engines can be accom
modated by special versions of PrivaSoft. The cryptographic engine can be customer-furnished and customer integrated, however - since in some areas the integration of this product with certain cryptographic engines may be considered "munitions", each cus
tomized version of the product has to be licensed separately in accordance with the laws of the territory where it was created and used.
Return to October 1995
Return to “Tatu Ylonen <ylo@cs.hut.fi>”