[OT] Encryption

R. A. Hettinga rah at shipwright.com
Fri Jan 2 15:59:41 EST 2004

--- begin forwarded text

Cc: Cocoa Development <cocoa-dev at lists.apple.com>,
	Shawn Erickson <shawn at freetimesw.com>
From: Kyle Moffett <mrmacman_g4 at mac.com>
Subject: Re: [OT] Encryption
Date: Fri, 2 Jan 2004 15:30:53 -0500
To: Robert Tito <cassiope at wanadoo.nl>

On Jan 02, 2004, at 14:59, Robert Tito wrote:

> On 2-1-2004 20:40, "Kyle Moffett" <mrmacman_g4 at mac.com> wrote:
>> On Jan 02, 2004, at 14:11, Robert Tito wrote:
>>> On 2-1-2004 20:08, "Shawn Erickson" <shawn at freetimesw.com> wrote:
>>>> Can you tell us the name of the product?
>>>> Note that describing the algorithm used in an encryption technology
>>>> does not imply one has to open your code up but just describe the
>>>> cipher's methodology. In absence of that it is hard for anyone to
>>>> verify the ability of the algorithm.
>>>> For example RSA's RC5 is described [1] yet not open sourced. It is
>>>> patented and requires licensing to use.
>>>> It sounds like you may have had some type of public/government
>>>> verification that has taken place...?
>>>> -Shawn
>>> It's called Salutis.
>> Do you have a link or a web-page that describes the product?  Where
>> might one find more information about said product?  Perhaps a link to
>> the government classification standard you claim to be meeting,
>> including the identity of the third-party that verified your
>> classification level.

You have not answered this question.  Where exactly is additional
information on this product?  If you intend to sell it, it would be
wise to provide a link to more information.

> This is as far as I can go without infringing our pending patent:

Giving out information is not infringing on a patent, pending or not.
A patent, in fact, requires the publishing of all of the details of the
engine and encryption itself.  There might be company policy regarding
the issue, but there is no law against it.

> It is a time-dependent polymorphic polymetric engine that changes an
> engine (randomly chosen out of 10 with a max of 5 engines per file per
> segment of 256 bytes of that file). The timestamp determines for the
> decrypting engine and the encrypting engine where to start within the
> file so the start never is at byte 1 but follows a time-dependent
> sequence along the file filling up empty space with white noise.

This makes very little sense, and seems much like marketing babble.  So
take a file full of garbage, then stick a timestamp somewhere in there
that when hashed indicates where to start in the file, filling up with
data.  Somehow you encrypt the data using a series of engines.  This is
utterly useless in terms of determining the security level of the engine.
OTOH, the extreme complexity alone, in combination with the obscurity you
appear to be relying on in the encryption software makes me very
suspicious.

> Because the key is actually the file itself we do not use a public key,
> only a key that has to be generated and that is user AND hardware
> dependent, meaning that a change of hard disk enforces you to get your
> new encryption key, one you generate yourself on your own machine.
> Network cards are included as well as BIOS. That way one can safely
> (more safe as with Verisign et al) the sender indeed is the person who
> claims he or she is.
> Per site there has to be a person responsible for distributing this file
> that in itself has no meaning for anyone who has not been given
> privileges by that person or who is outside that domain.
> Because the file is the key itself there exists an immense timing
> problem; the way we solved that is patent pending.
> So far we have implemented it on all Windows versions below 2003.
> But we plan to extend to Linux and OS X.

Please read up on the current uses of encryption in the workplace
documents and such).  Something that relied upon recreating the key
time you upgraded your hardware would be less than useless.

> The problem being: we need the assembler code for the different
> processors and the proper way to implement them without too much
> hardware and OS dependency.

Why assembly?  Assembly is only needed in an OS kernel in a few places,
for efficiency reasons.  Even then, C and C++ compilers are plenty

> The encryption engines used are all publicly available. So I need not
> elaborate on these.

Which engines?  If you use publicly available software please indicate

> It was thought not possible to create a polymorphic polymetrical
> encryption engine, we have done it. And even included a time dependency
> within it.

The "polymorphic polymetrical" makes little or no sense.  What are you

> Another advantage is when the license expires you can still decrypt
> older messages but cannot encrypt new ones - contrary to all other
> PKI/PKC implementations.

This too makes no sense

> I hope this gives some insight

Yes it does, that all of this is marketing babble, and since you seem
unable to provide other good information this seems to be either
vaporware or

Kyle Moffett


--- end forwarded text

R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List