debunking snake oil
Dave Korn
dave.korn at artimi.com
Fri Aug 31 12:51:09 EDT 2007
On 31 August 2007 02:44, travis+ml-cryptography wrote:
> I think it might be fun to start up a collection of snake oil
> cryptographic methods and cryptanalytic attacks against them.
I was going to post about "crypto done wrong" after reading this item[*]:
http://www.f-secure.com/weblog/archives/archive-082007.html#00001263
I can't tell exactly what, but they have to be doing *something* wrong if
they think it's necessary to use file-hiding hooks to conceal... well,
anything really. The hash of the fingerprint should be the symmetric key used
to encrypt either files and folders directly on the thumbdrive, or perhaps a
keyring file containing ADKs of some description, but if you do crypto right,
you shouldn't have to conceal or obfuscate anything at all.
cheers,
DaveK
[*] - See also
http://www.f-secure.com/weblog/archives/archive-082007.html#00001264
http://www.f-secure.com/weblog/archives/archive-082007.html#00001266
--
Can't think of a witty .sigline today....
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list