John Gilmore wrote:
> Turning down the offer on verifiability grounds left them wondering
> whether they really would have done it if it'd been possible to keep
> the whole thing secret. The quid pro quo offered by NSA would be that
> their products would have no trouble getting through the (at the time)
> draconian export controls. Of course, there was no way to enforce the
> deal either; "blowing the whistle" if NSA refused export permission
> would have revealed the company's security products as untrustworthy,
> probably kicking it out of the security market.
>
> Anybody tested the primes in major products lately?

Actually you do not even need that. All you have to do is make sure that the
passphrase never reaches the level of entropy of the encryption algorithm.
An example of this is V-Go. It claims to use 128-bit Blowfish, but it is very
difficult to generate a passphrase that contains 128 bits of entropy. (They also
include a module for something called "cobra". Sounds like homebrew snake-oil to me,
but I have not reverse engineered that one yet.)

V-Go uses a "graphical passphrase". Not only does it contain a small number of
combinations per "character", but it allows you to enter the elements in any order! (I
have been trying to determine the total number of combinations involved, but I have
not been able to determine a good formula for this and no standard statistics
reference has given me any reasonable formula for this sort of combination problem.
If you have a formula, send it to me off-line.) You are given the option of which
passphrase generation screen you want to use. The "cards" screen can only generate 54
bits of entropy. The "timeclock" screen can only generate less than 800,000
combinations.

The program is distributed by Passlogix, but it has Intel's name all over it. It
seems to be used by a number of high-profile sites. Seems that if you put a well-
trusted name on it, people will use just about anything!
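
The arithmetic behind the entropy point in the message above, as an added example that is not part of the original post. It counts the secrets available when k elements are picked from n symbols, with and without order mattering, and caps the cipher's key size at that entropy. The 52-symbol alphabet and the pick counts are constructed sample values, not V-Go's actual parameters; only the 128-bit key size and the 800,000 figure come from the post.

```python
import math

def selection_count(n, k, ordered, repeats):
    """Distinct secrets when k elements are chosen from n symbols."""
    if ordered and repeats:
        return n ** k                    # sequences
    if ordered:
        return math.perm(n, k)           # sequences, no symbol reused
    if repeats:
        return math.comb(n + k - 1, k)   # multisets: any entry order accepted
    return math.comb(n, k)               # sets: any entry order accepted

def entropy_bits(count):
    """Entropy of a uniformly chosen secret; real user choices give less."""
    return math.log2(count)

def effective_key_bits(cipher_bits, secret_count):
    """A key derived from the secret is no stronger than the secret itself."""
    return min(cipher_bits, entropy_bits(secret_count))

def min_picks_for(n, target_bits, ordered, repeats, max_k=None):
    """Smallest k whose secret space reaches target_bits, or None."""
    if max_k is None:
        max_k = 256 if repeats else n
    for k in range(1, max_k + 1):
        if entropy_bits(selection_count(n, k, ordered, repeats)) >= target_bits:
            return k
    return None

if __name__ == "__main__":
    n, k = 52, 5  # constructed sample: 5 picks from a 52-symbol screen
    for ordered in (True, False):
        for repeats in (True, False):
            bits = entropy_bits(selection_count(n, k, ordered, repeats))
            print(f"ordered={ordered!s:5} repeats={repeats!s:5} {bits:6.2f} bits")
    # Accepting any entry order (no repeats) costs log2(k!) bits.
    print("picks needed for 128 bits, ordered:",
          min_picks_for(n, 128, ordered=True, repeats=False))
    print("picks needed for 128 bits, any order:",
          min_picks_for(n, 128, ordered=False, repeats=False))
    # Figure from the post: a screen with fewer than 800,000 combinations.
    print(f"800,000 combinations: {effective_key_bits(128, 800_000):.2f} bits")
```

With these sample values an order-independent pick from 52 symbols never reaches 128 bits, since the largest set count, C(52, 26), is under 49 bits.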