From: “Perry E. Metzger” <perry@piermont.com>
To: safemail@ntrnet.net (M.Wagoner (1))
Message Hash: 1b9cd498ae8bb573e3ffefed318aad52486fc5a909ca2997c58177350364dd96
Message ID: <199606172238.SAA20263@jekyll.piermont.com>
Reply To: <199606172121.RAA00883@ns1.ntrnet.net>
UTC Datetime: 1996-06-18 05:45:28 UTC
Raw Date: Tue, 18 Jun 1996 13:45:28 +0800
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 18 Jun 1996 13:45:28 +0800
To: safemail@ntrnet.net (M.Wagoner (1))
Subject: Re: SafE Mail Corporation
In-Reply-To: <199606172121.RAA00883@ns1.ntrnet.net>
Message-ID: <199606172238.SAA20263@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
M.Wagoner (1) writes:
> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.
>
> Our Web site is http://www.sfmc.com Phone number is 1-800-252-9938.
>
> Randy Estridge
> SafE Mail Corporation
I checked the web site, and found the following snake oil aroma
(caused largely by the idiotic commentary and the word "proprietary"
on the encryption algorithm...)
------
* SafE Mail utilizes a short 22 character Public Key which I realize
is "great" for key exchange. Does this short Public Key the
encription code vulnerable to attack?
No! The Public Key is generated by a "One Way Hash Function"
when the owner of the software names a private key or
passwords. This makes the encryption code secure and not
vulnerable to attack by unautorized individuals.
[Perry's comments: 1) personal pet peve -- using quote marks for
emphasis. 2) Er, whats this crap? I understand perhaps generating RSA
keys off of a passphrase, but that wouldn't help you with key
exchange -- your public key is 1024 bits no matter what you do. As for
the rest...]
[...]
* Is Safe Mail really secure?
We believe so. Unlike other encryption software, SafE Mail,
through its proprietary encryption algorithm, leaves neither a
backdoor nor a master key for any third party decryption of an
encrypted file. To achieve extra security, SafE Mail allows an
unlimited number of multiple encryptions without corrupting the
original file. The output encrypted file bears no hint to the
size or type of the original file
[Perry's comments: Yeah, like PGP has a back door or anything, or like
it prevents superencipherment, or like it leaks what your file was...]
-------
Having read the web site, the thing looks like it offers no advantage
at all over PGP and that it might be a piece of junk. I say stick with
whats known to be good and is free. PGP's price is certainly right,
especially when you consider what crap the "commercial" stuff like
this usually is.
Oh, and to the folks at Safe Mail: I will happily test out the quality
of your software for my standard consulting rate. My time is, however,
too valuable to waste on stuff like this without being paid. If other
people want to have a good time testing your product out, let them
feel free.
Perry
Return to June 1996
Return to “snow <snow@smoke.suba.com>”