1996-12-14 - RE: !! Point ‘n Crypt – Win95 Privacy for Everyone !!

Header Data

From: Walt Armour <walt@blarg.net>
To: “‘Matthew Ghio’” <ghio@myriad.alias.net>
Message Hash: 4c2e5f17a1fc333155ea494b6484facf8881dba56735c305f944c6e00fdc4cd8
Message ID: <01BBE945.3B9BC4A0@dialup36.blarg.net>
Reply To: N/A
UTC Datetime: 1996-12-14 06:43:29 UTC
Raw Date: Fri, 13 Dec 1996 22:43:29 -0800 (PST)

Raw message

From: Walt Armour <walt@blarg.net>
Date: Fri, 13 Dec 1996 22:43:29 -0800 (PST)
To: "'Matthew Ghio'" <ghio@myriad.alias.net>
Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Message-ID: <01BBE945.3B9BC4A0@dialup36.blarg.net>
MIME-Version: 1.0
Content-Type: text/plain

There is no arguing that 40 bits is strong security.  I agree with that.

But we (Soundcode, and anyone else in the business of crypto) have to also
look at things from the standpoint of market share and market size.
Exportability directly affects market size and weighs in fairly heavily.
(Which is why ITAR (oops, Commerce) restrictions bite).  Which is why the
current offering is 40 bits.

As for security, the current release of PnC is primarily targeting
privacy, not security.  They are two very similar but different approaches.
40 bits is sufficient to encrypt files and keep them away from friends,
family and coworkers (unless you work at the NSA).  The point of Point 'n
Crypt is to attempt to make encryption technology easily useable and
widespread.  If anything you have is of such a nature that 40 bits isn't
enough protection then by all means don't use PnC (at least not this
version :).

As for your final point, I agree, some people are stupid.  But part of the 
purpose of being a cypherpunk (and SoundCode) is to educate those that can 
be educated.  Sometimes education just has to take pretty small steps...


From: 	Matthew Ghio[SMTP:ghio@myriad.alias.net]
Sent: 	Friday, December 13, 1996 4:49 PM
To: 	walt@blarg.net
Cc: 	cypherpunks@toad.com
Subject: 	Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !!

walt@blarg.net (Walt Armour) wrote:
> Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases,
> and conforms to PKCS #5 and PKCS #7.

40-bit encryption isn't much security at all.  If you've got something
important enough to encrypt, then it's important enough to find a proper
encryption program.  Why would anyone buy this shit?

(That's a rhetorical question, of course; the answer is because some
people are stupid...)