[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SafE Mail Corporation




M.Wagoner (1) writes:
> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.
> 
> Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
> 
> Randy Estridge
> SafE Mail Corporation  

I checked the web site, and found the following snake oil aroma
(caused largely by the idiotic commentary and the word "proprietary"
on the encryption algorithm...)

------
* SafE Mail utilizes a short 22 character Public Key which I realize
  is "great" for key exchange. Does this short Public Key the
  encription code vulnerable to attack?

       No! The Public Key is generated by a "One Way Hash Function"
       when the owner of the software names a private key or
       passwords. This makes the encryption code secure and not
       vulnerable to attack by unautorized individuals.

[Perry's comments: 1) personal pet peve -- using quote marks for
emphasis. 2) Er, whats this crap? I understand perhaps generating RSA
keys off of a passphrase, but that wouldn't help you with key
exchange -- your public key is 1024 bits no matter what you do. As for
the rest...]
[...]
* Is Safe Mail really secure?

       We believe so. Unlike other encryption software, SafE Mail,
       through its proprietary encryption algorithm, leaves neither a
       backdoor nor a master key for any third party decryption of an
       encrypted file. To achieve extra security, SafE Mail allows an
       unlimited number of multiple encryptions without corrupting the
       original file. The output encrypted file bears no hint to the
       size or type of the original file
[Perry's comments: Yeah, like PGP has a back door or anything, or like
it prevents superencipherment, or like it leaks what your file was...]
-------

Having read the web site, the thing looks like it offers no advantage
at all over PGP and that it might be a piece of junk. I say stick with
whats known to be good and is free. PGP's price is certainly right,
especially when you consider what crap the "commercial" stuff like
this usually is.

Oh, and to the folks at Safe Mail: I will happily test out the quality
of your software for my standard consulting rate. My time is, however,
too valuable to waste on stuff like this without being paid. If other
people want to have a good time testing your product out, let them
feel free.

Perry