Michael Hicks <[email protected]> wrote:

> Thank you so much, we appreciate your opinion and facts. Would you have any
> recommendations?

Start by reading up on one-time pads. Probably the best source is Marcus Ranum's FAQ:
http://www.ranum.com/security/computer_security/papers/otp-faq/

Another, partly my writing:
http://en.citizendium.org/wiki/One-time_pad

>> The author doesn't understand how to construct one-time pads, and flouts
>> the most important rule of using them. Avoid this software like the
>> plague.

Right. Also, even if you get the OTP part of it right, there are still problems.

One is that the system gives no protection against traffic analysis, collection & use of what has been called metadata in recent news stories.

Another is that, while an OTP system is provably perfectly secure against simple eavesdropping, it is inherently vulnerable to a rewrite attack:
http://en.citizendium.org/wiki/Stream_cipher#Rewrite_attacks

Finally, there are a whole lot of questions about things like how you generate the random numbers, how a customer can be sure his Java app is not tampered with, etc. Quickly perusing your web site, I do not see answers for those.
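
The rewrite weakness mentioned in the message above, as an added example that is not part of the original post or of the software under discussion: a pad-encrypted message whose text is known can be altered in transit without the pad, and only an integrity tag lets the receiver notice. The sample messages are constructed, and the HMAC-SHA256 tag with a separate key is an assumption of this example (it is computationally secure, unlike the pad itself).

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (OTP encryption and decryption)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def rewrite(ciphertext: bytes, known: bytes, wanted: bytes) -> bytes:
    """Change the text under a ciphertext without ever seeing the pad.

    (pad ^ known) ^ (known ^ wanted) == pad ^ wanted, so knowing or guessing
    the original text is enough; the pad's secrecy does not help.
    """
    return xor(ciphertext, xor(known, wanted))

def seal(pad: bytes, mac_key: bytes, message: bytes):
    """Encrypt with the pad, then tag the ciphertext (encrypt-then-MAC)."""
    ciphertext = xor(pad, message)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag

def open_sealed(pad: bytes, mac_key: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything modified in transit."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext was modified in transit")
    return xor(pad, ciphertext)

def demo():
    original = b"PAY ALICE $0100"  # constructed sample message
    altered = b"PAY MALLY $9999"   # constructed, same length as the original
    pad = secrets.token_bytes(len(original))  # fresh pad, used exactly once
    mac_key = secrets.token_bytes(32)         # hypothetical separate MAC key
    ciphertext, tag = seal(pad, mac_key, original)
    tampered = rewrite(ciphertext, original, altered)
    unchecked = xor(pad, tampered)  # what a pad-only receiver would accept
    try:
        open_sealed(pad, mac_key, tampered, tag)
        detected = False
    except ValueError:
        detected = True
    return unchecked, detected
```
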
