Page 4 of 4 FirstFirst 1234
Results 61 to 74 of 74
  1.    #61  
    Quote Originally Posted by LTE
    SEVEN's email products (Business Connection at Sprint and Xpress Mail at Cingular) have been providing end-to-end AES encryption (the new government standand replacing triple DES) of IMAP e-mail for over a year. Also supports POP and all versions of Exchange and Lotus Domino. For the latest beta version submit a request to ooobeta@seven.com.
    VeriTouch's MIRAGE encrypted email client for the Treo 600-650 (ACE) integrates powerful security, using two layers of encryption and other unique tools to provide corporate, government, university, healthcare and individual users with the strongest possible message security and integrity.

    We have re-invented the way both the message is secured, as well as the transport methods, authentication of receivers and senders, and a unique feature that makes it virtually impossible for anyone to alter the contents of a message before it reaches the recipient.

    Having received over 2,000 individual replies to our news release, VeriTouch will shortly release our Beta program to registered Beta Testers.

    Gary E. Brant, CEO
    VeriTouch Ltd. - New York
    gb@veritouch.com
  2. #62  
    Quote Originally Posted by veritouch
    ...using two layers of encryption...

    We have re-invented the way both the message is secured, as well as the transport methods, authentication of receivers and senders, and a unique feature that makes it virtually impossible for anyone to alter the contents of a message before it reaches the recipient.
    Quote Originally Posted by veritouch
    We will not be publishing details about our proprietary algorithm, or how it is used in combination with PGP for the benefit of MIRAGE users.
    Quote Originally Posted by veritouch
    21,000 bit encryption is a unique and patent-pending cryptographic algorithm developed by VeriTouch. As you are probably aware, standard SSL credit card transactions over the Internet are "protected" by a paltry 1024-bit key. Our key is fully 200 times more powerful, ensuring that your mail is going to be very well protected from hackers.
    WOW! Ok, there are just too many warning signs here to let this go by without a comment.

    First off, 2 layers of encryption does NOT make an encryption standard better just because you used 2 layers. I personally don't know of a very common algorithm for encryption that uses 2 layers, unless they are layers of the same type of single algorithm. Now the situation is different if one of the methods is a key exchange method or something similar, but you haven't been too clear on that point.

    Also, by reinventing the ways a message is secured, the transport methods, and authentication of receivers and senders definitely doesn't put me at ease. Also the "unique feature that makes it virtually impossible for anyone to alter the contents of a message before it reaches the recipient" doesn't sound like a very unique feature at all. Most well used algorithms make it virtually impossible to alter the contents of a message. Quantum cryptography in particular makes it impossible to alter the contents without the recipient knowing.

    A secure algorithm should be secure EVEN if the method of using the algorithm is known publicly. Not releasing details of your algorithm doesn't protect MIRAGE users in any way. Most people who know anything of cryptography know this. So do NOT use that bs line just because you don't want to reveal your methods. The method could be figured out with enough work by someone if they wanted to anyway, just by using something like SoftICE or similar and enough time.

    As someone already mentioned, just because you have a 21000 bit key doesn't make it 200 times better then a 1024 bit. Most encryption breaks are due to bad implementation. Let's look at WEP for a second, I could take a million bit WEP key and it's very insecure and definitely less secure then AES 256, just because the implementation is crap. Some may argue that WEP is better then nothing. This may be true, but not by much. So, don't go throwing around big numbers just cause people who don't know any better will gobble them up.

    Also, calling RSA-1024 bit encryption paltry is QUITE a stretch. RSA is one of the most well respected security companies in the world. Your company smells like fish. Their algorithm is very secure. RSA-576 was factored by using approximately 100 workstations in a little more than three months. RSA-576 is many orders of magnitude weaker then RSA-1024. I challenge you to factor RSA-1024 before you can dare call it paltry. You seem like you have very little knowledge of encryption, but plenty on how to do marketing spin.

    Your product (though I have not used it, and probably wont) may very well encrypt emails, I highly doubt your claims to it being the strongest method of doing so. Until I see evidence to the contrary, from some entity I trust, I will not use your product or recommend doing so by anyone. You seem too evasive on this topic for my liking, especially when users have a vested interest in making sure your methods are secure.
  3. #63  
    This product sure looks like phoney baloney to me - and to anyone else who knows anything about the subject. Gary does not appear to know much about it. I would not touch this product even if it was freeware.
    Shneor
    Pre 3 on T-Mobile, 32gb Touchpad
  4. Minsc's Avatar
    Posts
    967 Posts
    Global Posts
    974 Global Posts
    #64  
    Jumping back to a question I raised earlier, is the security concern with wireless email due to the wireless nature of it, (the possiblity of it being intercepted as the data is travelling from the mobile device to the tower) or is it once the data hits the tower/switch and makes it's way through the 'net?

    If it's the former, then I don't understand the need for encryption. Both GSM and CDMA by their very nature are heavily encrypted. And while GSM has been cracked, it certainly can't be done easily. CDMA is virtually un-crackable.

    If it's the latter, than I guess I'm wondering if most email in general is encrypted. If I'm using an Exchange server at work, is my email being encrypted? Are Domino servers encrypting email?? If not, then I guess it would be fair to say that most corporate email is unencrypted. If that's the case, then why do I care so much if my wireless email is encrypted or not?
  5. #65  
    Most email is un-encrypted and passes through all the servers, switches, routers, and such in the clear. There are well known, well implemented, cryptographic solutions to desktop email that have been vetted by well known security entities. They are hardly ever used. I have GPG and Evolution here on my desktop. I can both digitally sign and encrypt my emails. I often digitally sign. I rarely encrypt.
  6.    #66  
    Quote Originally Posted by brain007
    WOW! Ok, there are just too many warning signs here to let this go by without a comment.

    First off, 2 layers of encryption does NOT make an encryption standard better just because you used 2 layers. I personally don't know of a very common algorithm for encryption that uses 2 layers, unless they are layers of the same type of single algorithm. Now the situation is different if one of the methods is a key exchange method or something similar, but you haven't been too clear on that point.

    Also, by reinventing the ways a message is secured, the transport methods, and authentication of receivers and senders definitely doesn't put me at ease. Also the "unique feature that makes it virtually impossible for anyone to alter the contents of a message before it reaches the recipient" doesn't sound like a very unique feature at all. Most well used algorithms make it virtually impossible to alter the contents of a message. Quantum cryptography in particular makes it impossible to alter the contents without the recipient knowing.

    A secure algorithm should be secure EVEN if the method of using the algorithm is known publicly. Not releasing details of your algorithm doesn't protect MIRAGE users in any way. Most people who know anything of cryptography know this. So do NOT use that bs line just because you don't want to reveal your methods. The method could be figured out with enough work by someone if they wanted to anyway, just by using something like SoftICE or similar and enough time.

    As someone already mentioned, just because you have a 21000 bit key doesn't make it 200 times better then a 1024 bit. Most encryption breaks are due to bad implementation. Let's look at WEP for a second, I could take a million bit WEP key and it's very insecure and definitely less secure then AES 256, just because the implementation is crap. Some may argue that WEP is better then nothing. This may be true, but not by much. So, don't go throwing around big numbers just cause people who don't know any better will gobble them up.

    Also, calling RSA-1024 bit encryption paltry is QUITE a stretch. RSA is one of the most well respected security companies in the world. Your company smells like fish. Their algorithm is very secure. RSA-576 was factored by using approximately 100 workstations in a little more than three months. RSA-576 is many orders of magnitude weaker then RSA-1024. I challenge you to factor RSA-1024 before you can dare call it paltry. You seem like you have very little knowledge of encryption, but plenty on how to do marketing spin.

    Your product (though I have not used it, and probably wont) may very well encrypt emails, I highly doubt your claims to it being the strongest method of doing so. Until I see evidence to the contrary, from some entity I trust, I will not use your product or recommend doing so by anyone. You seem too evasive on this topic for my liking, especially when users have a vested interest in making sure your methods are secure.
    Our product will stand on its own merits, and it is working now.

    There has been a tremendous positive response from Treo 600 users who have a need for the level of messaging security that we offer in MIRAGE.

    MIRAGE's double-encryption layer has as much to do with security as the ingenious way that keys are handled inside the encrypted messages, or what we call the secure transport layer.

    If you want to try it, sign up for the beta program.

    I think this subject has now exhausted itself, judging from your comments.

    This will be my last post in this topic field at Treo Central.

    As I've said, MIRAGE is a completely self-contained secure messaging system which we are porting to the Treo 600 and 650 (ACE).

    If it proves useful to you or your organization, great. If not, that's fine by us too!

    Best wishes,

    Gary E. Brant, CEO
    VeriTouch Ltd. - New York
    gb@veritouch.com
  7. Minsc's Avatar
    Posts
    967 Posts
    Global Posts
    974 Global Posts
    #67  
    Quote Originally Posted by veritouch
    Our product will stand on its own merits, and it is working now.

    There has been a tremendous positive response from Treo 600 users who have a need for the level of messaging security that we offer in MIRAGE.

    MIRAGE's double-encryption layer has as much to do with security as the ingenious way that keys are handled inside the encrypted messages, or what we call the secure transport layer.

    If you want to try it, sign up for the beta program.

    I think this subject has now exhausted itself, judging from your comments.

    This will be my last post in this topic field at Treo Central.

    As I've said, MIRAGE is a completely self-contained secure messaging system which we are porting to the Treo 600 and 650 (ACE).

    If it proves useful to you or your organization, great. If not, that's fine by us too!

    Best wishes,

    Gary E. Brant, CEO
    VeriTouch Ltd. - New York
    gb@veritouch.com
    If the Treo users who hang out here are a good representation of what Treo users want in an email app, then I would say encryption is well behind other considerations such as user interface, reliability, features, battery usage, and cost. In fact, encryption might not even make the top 10.
  8. #68  
    We've been linked to from Bruce Schneier's newsletter/blog. http://www.schneier.com/crypto-gram-0410.html
  9.    #69  
    Nice.

    The response we've been getting from all kinds of Treo users is encouraging.

    Thanks to everyone who signed up for the Beta Testing program.

    Best wishes,

    Gary E. Brant, CEO
    VeriTouch Ltd. - New York
    gb@veritouch.com
  10. #70  
    Yes thanks to all those TC members who signed up for the beta program. Since super uber encryption is all on our minds, I'd like to see by a show of hands who here at TC signed up for the beta of the Veritouch email program and your thoughts and experiences.

    Looking forward to your feedback.
    “There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order.”
    — Ed Howdershelt
    "A government big enough to give you everything you want, is big enough to take away everything you have."- Thomas Jefferson
  11. #71  
    Quote Originally Posted by calroth
    We've been linked to from Bruce Schneier's newsletter/blog. http://www.schneier.com/crypto-gram-0410.html
    Unfortunatly it seems like just a dumb link where it doesn't look like Schneier looked into the thing. Even though I think he is a brilliant man when it comes to cryptography, he seems to have turned into the "tinfoil hat" type lately. RFID tags on passports a bad thing?1?! He says that the administration is advocating the use of the tags on both foreign and our passports, then 2 paragraphs down, he says that evil-doers will be able to pick americans out of a crowd. Then he lets this snake oil into his newsletter, gimme a break. Everytime I think about this program I get the feeling that it uses ROT13 21000 times
  12. #72  
    I am not a security expert, but have read Singh's excellent history of cryptography, "The Code Book" and therefore feel reasonably informed.

    The strength of cryptographic systems have stemmed from the innate strength of the methodology. With public key crypto, it doesn't matter a whit that a cryptanalyst knows every detail of the encryption method; proper use renders any message undecipherable.

    Veritouch's claims that they've "invented" new methods of encryption, their fishy claim of a "21000 bit" key length, and their obvious fear of publishing their methodology all point to only one reasonable conclusion: this company thinks it can pull the wool over the eyes of the world as too many companies did with their own vaporware in the dot-com era.

    I hope that their potential clients have learned their lesson, and simply show these guys the door.
  13. #73  
    Five days and not a single TC user has admitted to being a beta tester for this program. Funny thing is I am not the least bit surprised.
    “There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order.”
    — Ed Howdershelt
    "A government big enough to give you everything you want, is big enough to take away everything you have."- Thomas Jefferson
  14. #74  
    Quote Originally Posted by Woof
    Five days and not a single TC user has admitted to being a beta tester for this program. Funny thing is I am not the least bit surprised.
    Doubt if there is anyone.
Page 4 of 4 FirstFirst 1234

Posting Permissions