http://www.steganos.com/en/cng/
Greg Broiles
gbroiles at parrhesia.com
Wed May 22 18:03:07 EDT 2002
At 09:01 PM 5/22/2002 +0200, Axel H Horns wrote:
>http://www.steganos.com/en/cng/
>
>In view of its crypto properties, is "Steganos Crypt & Go" a usable
>alternative to PGP or GnuPG? Or is it snake oil?
I haven't used the software myself; but according to the webpage you
mention, the software encapsulates messages in executable files which are
to be run by the recipient.
I believe that model is fatally flawed, for a number of reasons (not
necessarily ranked in order of
severity) -
1. Platform independence - what if the executable won't execute on
your recipient's system? The marketing material at
<http://www.steganos.com/en/cng/Crypt%20and%20Go%20-%20Flyer_en.pdf> says
that it only runs on Windows systems. What if you want to correspond with
someone who uses a Mac, or a Unix workstation, or runs a non-Windows OS on
their PC hardware? Will the messages be readable in 10 years, even on a
Windows system?
2. Private key encryption - it appears to use only private key
encryption ("The recipient requires no special software, because Crypt & Go
packages decode themselves after the password is entered.") This means that
you've got to pre-arrange & manage keys to use with your correspondents,
with all of the attendant hassles.
3. Execution of unsolicited, unknown programs - if the recipient
doesn't have special software, how do they know that the executable they
received (a) is really from you, and (b) is what it purports to be? What if
it's email sent by a virus like Klez? An incoming might be from a third
party who had the two of you in his address book when s/he was infected.
It's wildly irresponsible and reckless to run executables received
unsolicited via email, which is exactly what Crypt-and-Go depends on. (In
light of Klez and other email-forging viruses, it should be abundantly
clear that it's not good enough to rationalize "well, I recognize the name
of the person in the From: header, so I guess this is safe".)
Sure, a reasonable response to (3) is to install a virus scanner, and/or
special crypto software which will authenticate the message before running
the executable .. but if you've done that, you've abandoned the "no special
software" marketing feature, and might as well just mail text documents
back & forth, since you've got an authentication scheme you trust.
They say they use 128-bit AES - which sounds fine, if it's implemented
appropriately - but even assuming a bulletproof AES implementation, the
other aspects of the package make it, in my opinion, a danger to its users,
who would be better served sending emails in the clear or faxes.
--
Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or 0x94245961
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list