1996-06-20 - Re: Safemail

Header Data

From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
To: reagle@MIT.EDU
Message Hash: c2c5f77407229fff8c66134fbda2be4757ab0af567aaa5c6bba83d12a54a66ca
Message ID: <9606191910.AA11834@spirit.aud.alcatel.com>
Reply To: N/A
UTC Datetime: 1996-06-20 03:10:36 UTC
Raw Date: Thu, 20 Jun 1996 11:10:36 +0800

Raw message

From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 20 Jun 1996 11:10:36 +0800
To: reagle@MIT.EDU
Subject: Re: Safemail
Message-ID: <9606191910.AA11834@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> >        SafeMail uses a proprietary Russian algorithm.
> 
>         Maybe it is GOST. Schneier covers it, and there is a white paper on
> it at the b_crypt site.
> 

I spoke with a fellow there for about 20 minutes today about their 
program.  Sounded like these guys are just front-ends and 
obviously know nothing about the technology.  (Couldn't
answer how many bits of the "22 character" key were in use)

He did assure me it wasn't GOST, or anything published.
Story was that a Russian emigrant (sp?) came over to the US 
and this is his algorithm.  Apparently this person is 
not willing (at this time) to put the algorithm out for
public review. 

I spent most of my time pushing for some sort of peer review.
Supposedly they have talked with Schneier and Denning, about
the method but neither has done more than talk with them 
briefly about the method.  (I understood from what 
he said that they weren't willing to pay Bruce what it
would take to do a thorough review. ;-)

I also spent some time educating them about PGP
and how it does do compression, ASCII armour, etc.

All in all the guy was pleasant enough, but no real 
details on how the system works.  What I got was that
the "private" key is what you type in.  This is then 
hashed (he even used the word hash) into a 22 character
public key that you share with your friends.  
Even at 8 bits/character, 176 bits doesn't sound secure
for a public key algorithm, but then again this isn't
RSA we are looking at.

All in all it still sounds like snake oil to me!

Dan

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





