Greg Broiles gbroiles at
Wed May 22 18:03:07 EDT 2002

At 09:01 PM 5/22/2002 +0200, Axel H Horns wrote:

>In view of its crypto properties, is "Steganos Crypt & Go" a usable
>alternative to PGP or GnuPG? Or is it snake oil?

I haven't used the software myself; but according to the webpage you 
mention, the software encapsulates messages in executable files which are 
to be run by the recipient.

I believe that model is fatally flawed, for a number of reasons (not 
necessarily ranked in order of severity) -

1.      Platform independence - what if the executable won't execute on 
your recipient's system? The marketing material at 
<> says 
that it only runs on Windows systems. What if you want to correspond with 
someone who uses a Mac, or a Unix workstation, or runs a non-Windows OS on 
their PC hardware? Will the messages be readable in 10 years, even on a 
Windows system?

2.      Private key encryption - it appears to use only private key 
encryption ("The recipient requires no special software, because Crypt & Go 
packages decode themselves after the password is entered.") This means that 
you've got to pre-arrange & manage keys to use with your correspondents, 
with all of the attendant hassles.

3.      Execution of unsolicited, unknown programs - if the recipient 
doesn't have special software, how do they know that the executable they 
received (a) is really from you, and (b) is what it purports to be? What if 
it's email sent by a virus like Klez? An incoming message might be from a third 
party who had the two of you in his address book when s/he was infected. 
It's wildly irresponsible and reckless to run executables received 
unsolicited via email, which is exactly what Crypt-and-Go depends on. (In 
light of Klez and other email-forging viruses, it should be abundantly 
clear that it's not good enough to rationalize "well, I recognize the name 
of the person in the From: header, so I guess this is safe".)

Sure, a reasonable response to (3) is to install a virus scanner, and/or 
special crypto software which will authenticate the message before running 
the executable ... but if you've done that, you've abandoned the "no special 
software" marketing feature, and might as well just mail text documents 
back & forth, since you've got an authentication scheme you trust.

They say they use 128-bit AES - which sounds fine, if it's implemented 
appropriately - but even assuming a bulletproof AES implementation, the 
other aspects of the package make it, in my opinion, a danger to its users, 
who would be better served sending emails in the clear or faxes.

Greg Broiles -- gbroiles at -- PGP 0x26E4488c or 0x94245961

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at
