[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[reformatted] how secure can privasoft be?
heres a version with eighty character lines:
============================================================================
How Secure Can PrivaSoft Be?
Introduction
PrivaSoft is a communication security product, and the user is entitled to
know how secure it is. This document addresses the question of cryptographic
strength of PrivaSoft.
Export license regulations
In some advanced countries, cryptographic products are categorized as
"munitions" and their use, sale or exportation is controlled by local
licensing regulations. PrivaSoft has obtained an export license from the
governments of Israel and the USA. Licenses in other countries are obtained
in coordination with the local distributors.
The typical policy is to limit the allowable cryptographic strength of
commercial products to a level that is strong enough for commercial purposes.
The basic intention of this regulation is to protect the state from abuse of
too strong cryptographic products by terrorists and criminals. Some countries
do not practice such law because it is viewed as a denial of freedom of
expression. PrivaSoft willfully complies with these regulations as it is a
commercial product, and it is not intended for national security applications
with its current key length which is the maximum legally allowable for
commercial users.
The cryptographic engine of PrivaSoft
PrivaSoft uses a pseudo-random generator that is seeded by a 9 digit number
uniformly normalized from the user's secret key. The engine is proprietary,
designed according to the rules of modern cryptology to make the best use of
the allowable key length.
Like other dependable cryptographic engines, the structure of the encryption
software can be disclosed without compromising the security of the user.
However, the coding and specific parameters of the mechanism are considered a
trade secret and will be disclosed for the purpose of cryptoanalytic
validation when necessary and under an appropriate non-disclosure non-
competition agreement.
The use of default keys
When secret keys or passwords are used by laymen, there is always a conflict
between security and convenience: The user tends to use fixed, easily
memorized keys again and again, while the cryptoanalyst only waits for an
opportunity to see many messages encrypted by the same key. PrivaSoft, being
a secure commercial product must live in peace with both - allow the user to
use a repetitive, default key, and deny the cryptoanalyst the pleasure of
having many messages encrypted by one key. This is done by using the pseudo-
random "key extension" feature which is described in the PrivaSoft user's
guide.
The information contents a clear message
If a cryptographic product is properly designed, then the almost only way to
crack it is to try all possible keys. If the process is done by a computer,
the "cracking"" software must be taught to tell the correct key from the
wrong keys. This can only be done if there are some properties of the
decrypted message that are known a - priori. With the PrivaSoft analogue
graphical encryption, and with the naturally noisy fax images, a significant
portion of the page must be reconstructed, and a significant amount of
mathematical correlation must be calculated between neighboring areas of the
image, before the cracking software can tell whether the candidate key is
wrong. This makes the cracking process much slower than in alphanumeric
encryption of the text in a natural language. The 9 digit key, when applied
to analogue, the graphical encryption is equivalent to a much longer key
applied to alphanumeric encryption. The cryptographically oriented user can
make it very much harder by some smart pre-processing of the image prior to
its encryption. A simple example: For a short message, increasing the font
size of the text by a factor of 10 will significantly increase the time
required for breaking the encryption.
Customized versions of PrivaSoft
PrivaSoft is unique in being a one-stop product than can serve all types of
modern correspondence, including E-mail, fax and paper printouts. Special
applications that need and can obtain a license to use non-commercial
cryptographic engines can be accommodated by special versions of PrivaSoft.
The cryptographic engine can be customer-furnished and customer integrated,
however - since in some areas the integration of this product with certain
cryptographic engines may be considered "munitions", each customized version
of the product has to be licensed separately in accordance with the laws of
the territory where it was created and used.
==========================================================================