From: Alan Olsen <alano@teleport.com>
To: “JOHN E. HOLT” <76473.1732@compuserve.com>
Message Hash: 0ddd50efdc5ac1990ffa2a53111499d9c73eb09d00d687dcd7de7b508c45a05e
Message ID: <3.0b11.32.19960827120805.00bb8714@mail.teleport.com>
Reply To: N/A
UTC Datetime: 1996-08-27 22:45:30 UTC
Raw Date: Wed, 28 Aug 1996 06:45:30 +0800
From: Alan Olsen <alano@teleport.com>
Date: Wed, 28 Aug 1996 06:45:30 +0800
To: "JOHN E. HOLT" <76473.1732@compuserve.com>
Subject: Re: The POUCH
Message-ID: <3.0b11.32.19960827120805.00bb8714@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain
At 07:44 PM 8/26/96 EDT, JOHN E. HOLT wrote:
>The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization
>vector and the CBC technique. Most experts agree that such an
implementation >is highly resistant to all forms of cryptographic attack.
That depends highly on the cypher. Also depends on if your "initialization
vector" is truly random. (Or even close, as some other companies have found
in the past...)
It is resistant to all attacks that you know of. Depending on the nature of
the algorythm, this could be true in some sense, false in some sense and
meaningless in some sense. Without published code, it is meaningless in all
senses.
>Hellman and Dilfie rely on knowing the algorithm for their known plain text
>attacks
>An unpublished algorithm forces them into reverse engineering the computer
>programs to learn the algorithm. The POUCH has many roadblocks built in
>to prevent this.
As someone who has spent time reverse engeneering code, I find this one
pretty funny. The only thing I have found that will obscure code in any
real fashion is writing it badly. "Roadblocks" to reverse engeneering also
tend to be a speed hit. Either way, it will not stop someone with the
proper skills and tools.
>I refer to Cummings, Cryptography and Data Security pages 150 and 98 in
this >regard.
Do we have to read them in reverse order or is that part of the roadblock
you are using to make things more difficult...?
I will be interested to see just what kind of liability problems you run
into when this thing gets compromised. Of course, with a name like "The
Pouch", you will probibly just claim it was a "kangaroo court".
---
| "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano@teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano@teleport.com |
Return to August 1996
Return to “Alan Olsen <alano@teleport.com>”
1996-08-27 (Wed, 28 Aug 1996 06:45:30 +0800) - Re: The POUCH - Alan Olsen <alano@teleport.com>