1996-02-20 - Re: Internet Privacy Guaranteed ad (POTP Jr.)

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: IPG Sales <ipgsales@cyberstation.net>
Message Hash: 1a5f89a6a0b720419fbd242874f1230f4f85b6c8d8a7ab3543c463f2afb77772
Message ID: <199602200101.UAA00472@jekyll.piermont.com>
Reply To: <Pine.BSD/.3.91.960219181128.5326C-100000@citrine.cyberstation.net>
UTC Datetime: 1996-02-20 03:12:34 UTC
Raw Date: Tue, 20 Feb 1996 11:12:34 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 11:12:34 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219181128.5326C-100000@citrine.cyberstation.net>
Message-ID: <199602200101.UAA00472@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> > Once you have applied for the patent you no longer need be
> > secret -- indeed, you can still apply for a patent up to one year
> > after full publication.

>True, but we are not sure what is going to be covered by patents,
>obviously you must know that wemay have to treat some of the
>information, maybe all of the really iomportant stuff as trad secret
>material

If you make any of your work at all trade secrets your entire system
is totally unacceptable to any real client with real security
needs. No rational security person is willing to accept the words of
snake oil salesmen -- like yourselves -- on faith.

> In time they will, because keymanagem,ent makes RSA systems unmanageable
> for large organizations - offer such a suystem to Merrill Lynch and be
> laughed out of the office - only a syustem such as ours resolve that
> problem!

You are the ones that are going to get laughed out of places, except
for the offices of the ignorant and gullible, whom you might prey
on. You should be ashamed to even dare to put it on the market. You
are committing nothing less than fraud, in all likelyhood.

You system resolves no key management problems because at this point
-- sight unseen -- I'm almost sure it is a piece of junk. You are
putting out too many "this is crap" keywords for me to think
otherwise. However, let me point out that you guys also don't know
what you are talking about. There is no key management problem per
se. RSA based systems are quite easy to use.

Even private key systems are quite workable. I actually work with
these firms -- its what I do for a living. They have existing systems
based on KDCs (do you even know what a KDC is?) and they function just
fine. As for public key technologies, they are in many cases
implementing technologies based on public key system. The only people
that are going to be laughed out are you guys. You are obviously the
worst kind of snake oil salesmen.

> > > If you are aware of encrtypting technology, you recognize that hardware
> > > prime number cycle wheels for the basis of some of the most secured
> > > hardware systems employed for encryption.
> 
> Please refer to Dorthy Dennings excellent work on mathematical
> crytanalysis of wheeeled cryptosystems,

Are you refering to rotors, by any chance? Rotors are World War II era
technology. Of course, who can even guess what you are talking
about. You make about as much sense as the people handing out xeroxed
pamphlets on the street corner informing all comers about the fact
that they are being controlled by aliens.

> > > The total number of possibilities is over 10 to the 1690th power and can
> > > be much larger.=
> >
> > Spare us the bull. You don't get security in a crypto system from
> > having impressive combinatorial explosions. A simple monoalphabetic
> > substitution can claim to have 403291461126605635584000000 possible
> > keys and you wouldn't trust your six year old cousin not to crack
> > it. (the number would be far, far more impressive if I'd taken all
> > ASCII characters instead of just the alphabet of 26 letters in to
> > account).

> Who in the world said it was monalpabetic substitution -

I didn't. I just said that impressive numbers are meaningless. A
simple repeating Vigenere cipher's key can easily have more than
10^1690 possible keys and yet be crackable with no trouble at
all. Sheer number of combinations is meaningless. Big numbers are
meaningless. If you understood cryptography, my point would have been
obvious. You don't understand technology.

> we are talking
> about the random sequences for a single message - A random prime number
> wheel system, provides a far more secure system that RSA based systesms,

The first part of your comment is meaningless. The second part implies
that you know how to break RSA public key cryptography. Please
enlighten us as to how.

> - check it out, and do some investigating instead of talking.

You won't allow anyone to do any investigating on your methods since
you keep them secret.

You should be ashamed. Luckily, no one is going to buy your products,
especially not once the crypto community is finished with you.

Perry





Thread