[OT] Encryption

Fri Jan 2 15:34:51 EST 2004

--- begin forwarded text

User-Agent: Microsoft-Entourage/10.1.4.030702.0
Date: Fri, 02 Jan 2004 20:59:14 +0100
Subject: Re: [OT] Encryption
From: Robert Tito <cassiope at wanadoo.nl>
To: Kyle Moffett <mrmacman_g4 at mac.com>
Cc: Cocoa Development <cocoa-dev at lists.apple.com>,
	Shawn Erickson <shawn at freetimesw.com>
Sender: cocoa-dev-admin at lists.apple.com
List-Id: Discussions regarding native Mac OS X application development
using Cocoa frameworks. <cocoa-dev.lists.apple.com>
List-Post: <mailto:cocoa-dev at lists.apple.com>
List-Help: <mailto:cocoa-dev-request at lists.apple.com?subject=help>
List-Subscribe: <http://www.lists.apple.com/mailman/listinfo/cocoa-dev>,
	<mailto:cocoa-dev-request at lists.apple.com?subject=subscribe>
Status:

On 2-1-2004 20:40, "Kyle Moffett" <mrmacman_g4 at mac.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On Jan 02, 2004, at 14:11, Robert Tito wrote:
>
>> On 2-1-2004 20:08, "Shawn Erickson" <shawn at freetimesw.com> wrote:
>>> Can you tell us the name of the product?
>>>
>>> Note that describing the algorithm used in an encryption technology
>>> does not imply one has to open your code up but just describe the
>>> ciphers methodology. In absence of that it is hard for anyone to
>>> verify
>>> the ability of the algorithm.
>>>
>>> For example RSA's RC5 is described [1] yet not open sourced. It is
>>> patented and requires licensing to use.
>>>
>>> It sounds like you may have had some type of public/government
>>> verification that has taken place...?
>>>
>>> -Shawn
>>>
>> Its called Salutis.
>
> Do you have a link or a web-page that describes the product?  Where
> might one find more information about said product?  Perhaps a link to
> the government classification standard you claim to be meeting,
> including the identity of the third-party that verified your
> classification
> level.  Please note that I do not want your assembly or C++ code, nor
> do I even want pseudo-code, though pseudo-code is acceptable if you
> want to provide it, it's just a little harder to read.  All I was
> asking for was
> the mathematical procedure(s) you use for encryption.  All of the
> cryptographic experts that I know tell me that anyone who will not
> provide a description of their encryption system for anyone who asks is
> just selling snake-oil in the form of a cryptographic application.
>
> Cheers,
> Kyle Moffett
>
> - -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GCM/CS/IT/U d- s++: a16 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
> L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
> PGP? t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r
> !y?(-)
> - ------END GEEK CODE BLOCK------
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (Darwin)
>
> iD8DBQE/9ckRag7LSGnFq10RAuIqAKCXliVlmwSwhTJSgwpPFu5r3wYHYgCeIoQN
> tBWdVOrryJmWNg/qXERBqLA=
> =fKQw
> -----END PGP SIGNATURE-----
>
>
This is as far as I can go without infringing out pending patent:
It is a timedependent polymorphic polymetric engine that changes an engine
(randomy chosen out of 10 with a max of 5 engines per file per segment of
256 byte of that file). The timestamp determines for the decrypting engine
and the encrypting engine where to start within the file so the start never
is at byte 1 but follow a timedependent sequence along the file filling up
empty space with white noise.

Because the key is actually the file itself we do not use a public key, only
a key that has to be generated and that is user AND hardware dependent
meaning that a change of hard disk enforces you to get your new encryption
key, one you generate yourself on your own machine. Networkcards are
included as well as BIOS. That way one can safely (more safe as with
Verisign et al) the sender indeed is the person who claims he or she is.
Per site there has to be a person responsible for distributing this file
that in itself has no meaning for anyone who has not been given privileges
by that person or who is outside that domain.
Because the file is the key itself there exist an immense timing problem the
way we solved that is patent pending.
So far we have implemented it on all windows version below 2003
But we plan to extend to linux and os x

The problem being: we need the assembler code for the different processors
and the proper way to implement them without too much hardware and OS
dependency.

The encryption engines used are all publicly available. So I need not
elaborate on these.

It was thought not possible to create a polymorphic polymetrical encryption
engine, we have done it. And even included a timedependency within it.

An other advantage is when the license expires you can still decrypt older
messages but cannot encrypt new ones - contrary to all other PKI/PKC
implementations.

I hope this gives some insight

regards

Rob Tito
cassiope at wanadoo.nl
rptito at wanadoo.nl
++31 - (0)621 - 824722
"The changes we wish to see need to come from within us"
M. Gandhi
3Freedom is not worth having if it doesn't include the freedom to make
mistakes2
M. Ghandi
3Friends are dear, cherish them2
R.P. Tito
_______________________________________________
cocoa-dev mailing list | cocoa-dev at lists.apple.com
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.

--- end forwarded text

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com