[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Reply to queries concerning DE



>From: Stanton McCandlish <[email protected]>
>Subject: Dolphin Encrypt
>To: [email protected]
>Date: Wed, 19 May 93 6:39:04 MDT
>
>> The recipient captures the entire message as, say, G.ENC, then runs:
>>
>>                        DE D G.ENC G.DEC /t
>>
>> (Of course, she has to know the encryption key.)  Dolphin Encrypt
>> skips over P1 to get at C2 and writes G.DEC containing P2.  Voila!
>
>My question is, how does the recipient get the key,
>and how do they (she, whatever) know to use that long de command?
>What would happen if they didn't, just get gibberish?

1.  I'm sure Stanton is aware (though perhaps there are some
people who are not) that there were cryptosystems in existence
before PGP, and before public key cryptography was invented.
DES is an example.  Such cryptosystems (in contrast to PGP) are
called "symmetric key" systems since the key used to encrypt is
the same as the key used to decrypt.  This being so, there is the
problem of how to get the key to the person decrypting the received
ciphertext. (This is as true for DES as for any other symmetric
key system.)  There are ways, more or less secure.  A secure way
is to use PGP to transmit the encrypted key.  If your only
encryption need is transmitting encrypted email then PGP may be
all you need.  If you want to encrypt lots of 1MB database files,
either to keep around or to transmit, then a faster encryption
process is needed.

2.  They know how to use "that long de command" (actually I think
it's quite short) because they've RTFM or had it explained to
them, just as for PGP.

3.  If they didn't use it they'd just have a block of what looks
like uuencoded stuff in the middle of the received message.  If
they put a wrapper around it and uudecoded they'd get *real* gibberish.

>From: Eric Hughes <[email protected]>
>To: [email protected]
>Subject: Mixing ciphertext and plaintext
>
>>If you wish to mix plaintext and ciphertext in an email message then
>>you can use Dolphin Encrypt.
>
>What cryptosystem does Dolphin Encrypt use?  Is the algorithm
>published somewhere?
>
>Eric

The encryption process was developed and refined, with no input from
any government agency, during the last few years.  A general description
of it is given in the manual that comes with Dolphin Encrypt. I shall
post this description in the following message.  Comments are welcome.
Although this description is quite detailed, it is not sufficient to
work through the process with pencil and paper, since it is too
complex.  The complete details can only be understood from a study of
the C source code, which is provided with the Dolphin Encryption
Library, a C library usable by programmers to add encryption capabilities
to application programs.  More details available by snailmail; requests
by email or to 512-479-9208.  (We finally had our cute executive secretary
record the message; sounds better now - and, no, she doesn't throw the
Selectric typewriter ribbons in the trash.  In fact, we feed *all* our
cast-off confidential data to the hogs out back.  Best security method
we've ever used, though the dobermans are pretty good too.)

-- Peter Meyer

P.S.  Info going out by snailmail to all who requested it.