  1. #41  
    Quote Originally Posted by calroth
    Good. Please cite the papers which reference it, and I'll check them out. Journal names, dates of issue, and titles of papers would be great.

    This demonstrates how little you know about ciphers. ALL block ciphers can be made to work in a way which doesn't increase the size of the encrypted file. (For example: generate a keystream, then XOR it with the original file.)
    Thanks... I've asked too. Let's see what develops.
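The keystream-and-XOR construction mentioned in the quoted post, shown as an added example that is not part of any post in this thread: a block cipher (XTEA, chosen here only because it fits in a few lines of standard-library Python) run in counter mode produces ciphertext exactly as long as the plaintext. The key and nonce values are constructed sample data.

```python
# Added illustration: XTEA in counter (CTR) mode, standard library only.
# Teaching code; real systems should use a vetted library cipher plus a MAC.
import struct

MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9

def xtea_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block with XTEA (128-bit key, 32 cycles)."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Encrypt nonce||counter blocks and concatenate until `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += xtea_encrypt_block(key, struct.pack(">2I", nonce, counter))
        counter += 1
    return bytes(out[:length])  # discard the unused tail of the last block

def ctr_xor(key: bytes, nonce: int, data: bytes) -> bytes:
    """Encrypt or decrypt: the same XOR with the keystream does both."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def demo():
    key = bytes(range(16))   # constructed sample key
    nonce = 0x2004           # constructed; must never repeat under one key
    results = []
    for size in (0, 1, 7, 8, 9, 1000):  # lengths around the 8-byte block size
        plaintext = bytes(i % 251 for i in range(size))
        ciphertext = ctr_xor(key, nonce, plaintext)
        round_trip = ctr_xor(key, nonce, ciphertext) == plaintext
        results.append((size, len(ciphertext), round_trip))
    return results

if __name__ == "__main__":
    for size, ct_len, ok in demo():
        print(f"plaintext {size:4d} bytes -> ciphertext {ct_len:4d} bytes, round trip {ok}")
```

The nonce has to travel with the message, so a real format adds a small fixed overhead, not one that grows with the message.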
  2. #42  
    Unfortunately there are many users who are not as knowledgeable about encryption as people on this forum and who would get misled by "21000 bits" and the rest of the marketspeak and will pay for such a product.

    Besides the obvious problem with a proprietary encryption algorithm, there are a couple more issues worth mentioning:

    1. It is not compatible with encryption in most email software out there. Right now I can send an email message signed with my X.509 certificate and 90% of mail clients out there will be able to understand this (in my unscientific estimation Microsoft Outlook, Apple Mail and Mozilla/Netscape Mail together cover about that percentage of the market).

    2. Many modern IMAP and SMTP servers out there support TLS (I am using TLS to both access my IMAP server and send mail with SMTP from my Treo using Snappermail). Obviously they are not compatible with VeriTouch protocols and thus to ensure transport security I am forced to use their server as a proxy. Obvious questions of trust arise here. How secure is their service? Can we trust their staff?

    3. Nothing was said about PKI. Who would generate keys, and most importantly guarantee that the keys belong to the persons who claim they are.

    They mentioned that they are using PGP. This is good news. PGP is good. But this makes their claim of 21000 bits encryption even more dubious. Managing an RSA or DSA key of this length is not practical on a Treo (not enough CPU power). So where does the number 21000 come from? Should it be 2 separate numbers: one for message encryption with PGP and another for transport encryption? I am starting to fear that 21000 is the multiplication product of the PGP key length and the transport key length.

    Maybe I am wrong, but we can't tell until VeriTouch publishes details about the algorithms they are using.
  3. #43  
    Hmmm.. the Register doesn't think too much about some of Gary's ideas either:

    http://www.theregister.co.uk/2004/06...drm_interview/

    And fingerprint recognition seems to be less secure than he had touted too:

    http://www.theregister.co.uk/2002/05...print_sensors/
  4.    #44  
    Quote Originally Posted by krokodil
    Unfortunately there are many users who are not as knowledgeable about encryption as people on this forum and who would get misled by "21000 bits" and the rest of the marketspeak and will pay for such a product.

    Besides the obvious problem with a proprietary encryption algorithm, there are a couple more issues worth mentioning:

    1. It is not compatible with encryption in most email software out there. Right now I can send an email message signed with my X.509 certificate and 90% of mail clients out there will be able to understand this (in my unscientific estimation Microsoft Outlook, Apple Mail and Mozilla/Netscape Mail together cover about that percentage of the market).

    2. Many modern IMAP and SMTP servers out there support TLS (I am using TLS to both access my IMAP server and send mail with SMTP from my Treo using Snappermail). Obviously they are not compatible with VeriTouch protocols and thus to ensure transport security I am forced to use their server as a proxy. Obvious questions of trust arise here. How secure is their service? Can we trust their staff?

    3. Nothing was said about PKI. Who would generate keys, and most importantly guarantee that the keys belong to the persons who claim they are.

    They mentioned that they are using PGP. This is good news. PGP is good. But this makes their claim of 21000 bits encryption even more dubious. Managing an RSA or DSA key of this length is not practical on a Treo (not enough CPU power). So where does the number 21000 come from? Should it be 2 separate numbers: one for message encryption with PGP and another for transport encryption? I am starting to fear that 21000 is the multiplication product of the PGP key length and the transport key length.

    Maybe I am wrong, but we can't tell until VeriTouch publishes details about the algorithms they are using.
    GB> Hello, we will not be publishing details about our proprietary algorithm, or how it is used in combination with PGP for the benefit of MIRAGE users.

    With respect to your question No. 2, rest assured that customers' existing POP3 and IMAP mail servers will work just fine with MIRAGE. We will offer our own Mail Server and related additional enhanced services, but this is an option, not a requirement.

    I strongly suggest that if you want to find out about our advanced messaging system, that you enroll in the Beta Test Program.

    Simply drop an email to the company and we will reply quickly.

    Due to an overwhelming response to our offer, the number of Beta Testers has been increased today from 50 to 100 testers.

    Thank you!

    Gary E. Brant, CEO
    VeriTouch Ltd. - New York
    gb@veritouch.com
  5.    #45  
    Quote Originally Posted by jaytee
    Hmmm.. the Register doesn't think too much about some of Gary's ideas either:

    http://www.theregister.co.uk/2004/06...drm_interview/

    And fingerprint recognition seems to be less secure than he had touted too:

    http://www.theregister.co.uk/2002/05...print_sensors/
    GB> These stories have absolutely nothing to do with MIRAGE, and The Register is known world-wide for its tabloid journalism.

    'Nuff said!

    Gary E. Brant, CEO
    VeriTouch Ltd. - New York
    gb@veritouch.com
  6. dpk
    #46  
    Quote Originally Posted by calroth
    Regarding the encryption, I have two words: snake oil.
    Good reading on the subject:

    http://www.faqs.org/faqs/cryptography-faq/snake-oil/

    Anyways, some points.

    21000-bit encryption would not be ~200 times better than 1024 bit encryption. It doesn't scale like that. 1024-bit encryption doesn't take 2x longer to break than 512-bit.

    If the algorithm is being patented, it will be available for public review. If the details about the proprietary algorithm are made public before the patent is issued, it should not have an impact on its security, if it is indeed secure.

    And a side observation: Two lines of text becomes 100,000 cipher chars, but it does not add data to the encrypted file? Does the 100,000 cipher char file compress down to the size of two lines of text, perhaps?
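How key length relates to attack work for published algorithms, as an added example that is not part of any post in this thread. It uses the heuristic general number field sieve (GNFS) cost formula for factoring an RSA modulus with the o(1) term dropped, so the figures are rough estimates; the 21000-bit row treats that number purely as a hypothetical RSA modulus size and says nothing about MIRAGE, whose algorithm is unpublished.

```python
import math

def gnfs_bits(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS cost exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    c = (64/9)^(1/3), for an n of `modulus_bits` bits. The o(1) term is dropped,
    so the result is a rough estimate, not a calibrated security level."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def brute_force_bits(key_bits: int) -> int:
    """Exhaustive search of a k-bit symmetric key costs about 2^k trials."""
    return key_bits

def modulus_bits_for(target_bits: float) -> int:
    """Smallest modulus size whose GNFS estimate reaches `target_bits` (bisection)."""
    lo, hi = 256, 1 << 20
    while lo < hi:
        mid = (lo + hi) // 2
        if gnfs_bits(mid) < target_bits:
            lo = mid + 1
        else:
            hi = mid
    return lo

def compare(sizes=(512, 1024, 2048, 21000)):
    """Rows of (size, log2 factoring work, log2 symmetric brute-force work)."""
    return [(n, round(gnfs_bits(n), 1), brute_force_bits(n)) for n in sizes]

if __name__ == "__main__":
    for n, rsa, sym in compare():
        print(f"{n:6d} bits: factor modulus ~2^{rsa}, search symmetric key 2^{sym}")
    step = gnfs_bits(1024) - gnfs_bits(512)
    print(f"512 -> 1024-bit modulus: work x 2^{step:.1f}, not x 2")
    print(f"modulus matching a 128-bit key: ~{modulus_bits_for(128)} bits")
```

The same bit count means very different work depending on the algorithm, which is why a bare key-length figure cannot be compared across systems.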
  7. #47  
    While the register may be irreverent, it is certainly not irrelevant. I've been around the computer biz for a few years (20+) and appreciate the articles in the register.
    Last edited by jaytee; 09/20/2004 at 11:40 PM.
  8. #48  
    I got a nice private message from Gary saying, in part, "We're not discussing our IP in a public forum ... We are not RSA, and we don't have to do a peer review of our technology ... Wait for its release."

    OK, fine. No journal citations for any of us.

    Anyway, I said above that I use PGP Mobile for Palm OS. You can get more info about it at
    http://www.pgp.com/products/mobile/palm/index.html, so if you're in the market for real encryption, check it out.

    It has many disadvantages. It doesn't do e-mail; you have to copy and paste into your e-mail client of choice. It can only cope well with small amounts of text (then again, so do most Palm OS e-mail clients). Some of its features (i.e. Palm database encryption) don't work in Palm OS 5. And getting keys onto and off your Palm is a pain in the ****.

    But there's one very clear advantage: It's made by PGP. You really can trust them. And they're the best in the business.

    There's something to be said for carrying military-strength crypto in your pocket.
  9. #49  
    Oh, whilst I think of it:

    You can also use PGP Mobile as an encrypted Memo Pad, to store your passwords, credit card numbers, etc. etc. Now there are many fine and reputable programs out there that do it already (I got SplashID for free with my Treo 600 and it's an excellent program). But why settle for second best? :-)
  10. #50  
    Sounds like Gary was busy PM'ing last night ;-) Like someone said earlier in this thread, even when encryption is made fairly easy, there isn't a decent market for it (at least on the Palm platform). I do use digital signing with Evolution and gnuPG on my linux desktop, and sometimes encryption too. It's actually very easy there.

    For my treo, I use gnukeyring to store important keys and passphrases. Simple and inexpensive... ok... free.
    --
    Visor Deluxe > Visor Platinum > Visor Pro > Treo 180 > Treo 270 > Treo 600 > Treo 650 > Treo 680 > Palm Pre > EVO 4G
  11. #51  
    Quote Originally Posted by veritouch
    With respect to using a server, it is a necessary module in any internet-based messaging system, and again, I'd be delighted if you'd explain a different system (perhaps each and every customer could run their own web server just for email with a static I.P. and tons of bandwidth :-), YEAH, that would work!).


    Gary E. Brant, CEO
    VeriTouch Ltd. - New York
    gb@veritouch.com
    Standard public-key encryption does not require a server. While a message will transit many servers on the way to its destination, a PKI-encrypted message is protected throughout the journey.

    Your slam of Bruce Schneier in another message tells me that your product is likely to be hot air as far as security is concerned. Bruce Schneier is an internationally recognized PKI and security authority. All he has done in this case is to post a reference to research done by others.

    Extravagant claims, such as those you make, are an indicator of a product to be avoided, in my opinion.
    Shneor
    Pre 3 on T-Mobile, 32gb Touchpad
  12. #52  
    Snake Oil Warning Signs: Encryption Software to Avoid
    http://www.interhack.net/people/cmcu...e-oil-faq.html

    Written back in '98, but still applies today.
  13. #53  
    Quote Originally Posted by veritouch
    GB> These stories have absolutely nothing to do with MIRAGE, and The Register is known world-wide for its tabloid journalism.

    'Nuff said!

    Gary E. Brant, CEO
    VeriTouch Ltd. - New York
    gb@veritouch.com
    The other thing that annoys me about all this is the stupid little GB> he puts in front of everything he posts. Who else do we think is typing his responses?


    And still no cost released. What a farce.
    “There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order.”
    — Ed Howdershelt
    "A government big enough to give you everything you want, is big enough to take away everything you have."- Thomas Jefferson
  14. #54  
    Perhaps it's not called MIRAGE for nothing...

    Marc
  15. #55  
    LOL Right on Marc! Chatter Rules!
  16. #56  
    This guy is rude, loud and has an attitude. Where I come from, that's not a good way to sell your products. What would you say about a company whose CEO has nothing better to do than spend time on these boards:-)
  17. #57  
    Checked out his website. No news updates since January. Nothing special there. No mention whatsoever of Mirage. Only contact info is for GB himself. Looks like a one man show.
  18. #58  
    did some google work. ck this out.

    http://linuxdevices.com/articles/AT8279480561.html

    From the article.
    Brant was reticent about explicit details of the Linux implementation powering the iVue, since it has not yet shipped as a finished product, although a working prototype exists. "iVue is a revolutionary system which many companies large and small wish they had, [so] I don't want to divulge our technology secrets.".....Brant was similarly reticent about when the device would ship, who helped with the Linux port, and other details. On one point, though, Brant was more than forthcoming. "The iVue Personal Media Player runs Linux, and always has from the very first prototype," Brant stated.
    Lots of fluff but no real substance. Sound familiar?
  19. #59  
    Well... if it runs Linux, then if it hooks to kernel code, I'd like to see the source. And he would need to provide source for all the GPL portions.

    He could make proprietary applications which ran in addition to those.
  20. LTE
    #60  
    SEVEN's email products (Business Connection at Sprint and Xpress Mail at Cingular) have been providing end-to-end AES encryption (the new government standard replacing triple DES) of IMAP e-mail for over a year. Also supports POP and all versions of Exchange and Lotus Domino. For the latest beta version submit a request to ooobeta@seven.com.