From: C Matthew Curtin <cmcurtin@research.megasoft.com>
To: Info@flagler.com
Message Hash: 7dcb280c2fdff6d7f9babeea8af0f81afb1346057b1325eadd3276199cf0f05b
Message ID: <199608181757.NAA10242@goffette.research.megasoft.com>
Reply To: N/A
UTC Datetime: 1996-08-18 20:32:32 UTC
Raw Date: Mon, 19 Aug 1996 04:32:32 +0800
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Mon, 19 Aug 1996 04:32:32 +0800
To: Info@flagler.com
Subject: THE POUCH
Message-ID: <199608181757.NAA10242@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Allow me to quote from your web page:
http://www.flagler.com/security.html
Quote #1:
"The POUCH is a secure e-mail terminal program for IBM compatible
computers. It uses a secret key phrase, advanced cryptographic
techniques and several unpublished algorithms to protect data in the
body of e-mail messages. The key phrase, which can be up to 48 bytes
long, is easily remembered and communicated. The POUCH is highly
resistant to all known forms of cryptographic attack."
Quote #2:
"We warrant that the product when delivered to you has no short cuts,
covert channels or secret solutions of any kind. No other warranty,
either expressed or implied is given."
These two statements are contradictory; an unpublished algorithm is
itself a secret solution, and a covert channel.
Why is it that software manufacturers keep popping up and spewing
nonsense? Obscurity is not security. Making the algorithm proprietary
does extremely little in making it resistant to attack. All of your
statements regarding the security of "The Pouch" are worthless, for
you have no data with which to substantiate your claims.
If it is any good, there's no way for us to know. But your marketing
of the product has every indication that it's nothing more than smoke
and mirrors. To coin a phrase, "pseudocrypto."
Please refrain from your bogus marketing techniques. This kind of
stuff, by claiming to be "real cryptography" makes real cryptographers
look bad.
- --
C Matthew Curtin MEGASOFT, LLC Director, Security Architecture
I speak only for myself. Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Have you encrypted your data today?
iQCVAwUBMhdZaBhyYuO2QvP9AQHaxQP+OvqYc9U/3BTPwnEhL/9ADkzL+ulhILpj
1zbyhktoCB4yMB13WQgm05DM6lolUufo63nkhsX4giMhrQ2XCBeM5/8pxJOD2ThY
3+foxma7e3tUv8r6PjNlnhn2TzVPPgbN+6NdpUCbNtOpG8GsD4EdQ35S+H0Y+aJm
75FfHfaDrNQ=
=6Zxy
-----END PGP SIGNATURE-----
Return to August 1996
Return to “Mike van der Merwe <mikev@is.co.za>”