
RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!



There is no arguing that 40 bits is strong security.  I agree with that.

But we (Soundcode, and anyone else in the business of crypto) have to also
look at things from the standpoint of market share and market size.
Exportability directly affects market size and weighs in fairly heavily.
(Which is why ITAR (oops, Commerce) restrictions bite).  Which is why the
current offering is 40 bits.

As for security, the current release of PnC is primarily targeting
privacy, not security.  They are two very similar but different approaches.
40 bits is sufficient to encrypt files and keep them away from friends,
family and coworkers (unless you work at the NSA).  The point of Point 'n
Crypt is to attempt to make encryption technology easily useable and
widespread.  If anything you have is of such a nature that 40 bits isn't
enough protection then by all means don't use PnC (at least not this
version :).

As for your final point, I agree, some people are stupid.  But part of the 
purpose of being a cypherpunk (and SoundCode) is to educate those that can 
be educated.  Sometimes education just has to take pretty small steps...

later,
walt

----------
From: 	Matthew Ghio[SMTP:[email protected]]
Sent: 	Friday, December 13, 1996 4:49 PM
To: 	[email protected]
Cc: 	[email protected]
Subject: 	Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !!

[email protected] (Walt Armour) wrote:
> Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases,
> and conforms to PKCS #5 and PKCS #7.

40-bit encryption isn't much security at all.  If you've got something
important enough to encrypt, then it's important enough to find a proper
encryption program.  Why would anyone buy this shit?

(That's a rhetorical question, of course; the answer is because some
people are stupid...)