on 2/28/01 11:30 AM, "Todd Reed" <[EMAIL PROTECTED]> wrote:
> I understand from the replies here that SimpleCrypt isn't secure, at least in
> the sense that with enough time the encryption scheme can be defeated. That's
> true for any scheme if you have infinite amounts of time and computers.
>
> What I'd like to know is a realistic assessment of its insecurity. Dantz is
> saying it is secure enough for the majority of commercial uses. Is the average
> script kiddie going to find SimpleCrypt easy to crack? Really I'm trying to
> make a risk assessment. Of course I restrict access to my tapes, but in one
> location I run backups, that's impractical.
>
> If SimpleCrypt's encryption is defeatable by an expert in 24 hours, I'm
> definitely going to alter my security practices. That's the kind of risk
> assessment I'd like to find out. How easy is it to beat SimpleCrypt and/or
> DES?
>
> Todd
#1. Turn off sending HTML email. It sucks.
#2. I would say that both DES and SimpleCrypt can be broken in less than 24
hours. Don't assume that some methodology that Dantz came up (when did they
get into the encryption business?) with is unbreakable in anything more than
that. I would guess that SimpleCrypt is just some weak XOR or something.
Also, security through obscurity is a terrible thing.
The right thing to do here is to have pluggable security. End of story.
-jon
--
----------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives: <http://list.working-dogs.com/lists/retro-talk/>
Search: <http://www.mail-archive.com/retro-talk%40latchkey.com/>
For urgent issues, please contact Dantz technical support directly at
[EMAIL PROTECTED] or 925.253.3050.
