On 6 February 2013 23:35, Jeffrey Walton <[email protected]> wrote: > On Wed, Feb 6, 2013 at 7:17 AM, Moti <[email protected]> wrote: >> Interesting read. >> Mostly because the people behind this project. >> http://www.slate.com/articles/technology/future_tense/2013/02/silent_circle_s_latest_app_democratizes_encryption_governments_won_t_be.html > > No offense to folks like Mr. Zimmermann, but I'm very suspect of his > claims. I still remember the antithesis of the claims reported at > http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/. > > I'm also suspect of "... the sender of the file can set it [the > program?] on a timer so that it will automatically “burn” - deleting > it [encrypted file] from both devices after a set period of, say, > seven minutes." Apple does not allow arbitrary background processing - > its usually limited to about 20 minutes. So the process probably won't > run on schedule or it will likely be prematurely terminated. In > addition, Flash Drives and SSDs are notoriously difficult to wipe an > unencrypted secret.
And there's also the issue that there's really no way you can force the recipient to delete the file. A point they even illustrate later in the article: "A few weeks ago, it was used in South Sudan to transmit a video of brutality that took place at a vehicle checkpoint. Once the recording was made, it was sent encrypted to Europe using Silent Text, and within a few minutes, it was burned off of the sender’s device. Even if authorities had arrested and searched the person who transmitted it, they would never have found the footage on the phone. Meanwhile, the film, which included location data showing exactly where it was taken, was already in safe hands thousands of miles away—without having been intercepted along the way—where it can eventually be used to build a case documenting human rights abuses." i.e, _not_ burned by the recipient. So, is the claim that they've invented delete? > Perhaps a properly scoped PenTest with published results would ally my > suspicions. It would be really bad if people died: "... a handful of > human rights reporters in Afghanistan, Jordan, and South Sudan have > tried Silent Text’s data transfer capability out, using it to send > photos, voice recordings, videos, and PDFs securely." This sounds just like step one in another Haystack-like fiasco. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
