Ryan, thank you for your response. I have a few comments/questions, however...
(Let me preface all of this with the fact that I am not an encryption expert, or even a novice; I am going by my understanding of the info from the sites listed in the script and links therein. I am genuinely interested to hear comments about the strength of the ARC4 algorithm.)
--- [EMAIL PROTECTED] wrote:
...
> It will keep most people out, but it is still quite crackable.
> Basically all you need to do is try every
> password--automatically of course...
True, but that is true of _any_ encryption. If you choose a significantly long and random passphrase, then the time required to try every passphrase is _very_ large. You are speaking here of a brute-force attack. Given enough time and computing power any encryption is "crackable" by brute-force (excepting maybe the one-time pad?). Remember, this is based on ARC4 (RC4 of RSA), and while RC4 with 40-bit passphrases is brute-force "crackable", you can have a _much_ larger passphrase, as with this script you can choose the passphrase yourself [up to 246 ASCII characters long. Even just using letters, numbers and spaces you have 63 possible characters. 246 places with 63 possibilities each... 63^246 ... you do the math :) ]
...
> Even easier is if someone sends two files
> of the same type, as bmp's for instance, it
> practically gives you the password.
How?
Perhaps you mean if two files are sent with the same passphrase? This would be bad, but CipherSaber takes care of this by appending a random 10-character initialization vector to your passphrase, _greatly_ reducing the chances of two messages being sent with the same passphrase. See the CipherSaber site for details.
> I am sure the FBI could break it, and the CIA could
> cut right through it without much trouble. I
> definitely wouldn't call it a "Carnivore Buster." It is
> probably the exact type of thing they are looking for.
Again, only brute-force "crackable" if you use a too-short, non-random passphrase.
I doubt that with the volume of mail going through a Carnivore system, spending years (or even hours or minutes) to crack each and every one of millions of e-mails is worth the FBI or CIA's time or even within their budgets. Just pick a length of passphrase appropriate to the sensitivity of the data.
> On the other hand, it's really good though for
> keeping ISP's and hackers from reading your email.
and your spouse, your boss, your business competitor... ;)
> Why bother spending
> 5 weeks to decode someone's email? Most people
> wouldn't consider it, unless they were getting paid
> to do so.
Ryan, if you know of any way to "crack" RC4 (other than brute force) I would be very interested in knowing it. Both encryption and rebol are new to me and I would appreciate any feedback either on the algorithm or the workings of the script itself.
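
The "two files with the same passphrase" point in the message above, as an added example that is not part of the original email or of the script it discusses: a plain RC4 routine plus a CipherSaber-style wrapper (RC4 key = passphrase followed by a random 10-byte IV, IV sent in the clear ahead of the ciphertext). The passphrase, file contents and function names are constructed for illustration.

```python
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (ARC4): key schedule, then XOR data with the keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) % 256])
    return bytes(out)

def cs_encrypt(passphrase: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """CipherSaber-style: RC4 key = passphrase + 10-byte IV; IV is prepended."""
    if len(passphrase) > 246:
        raise ValueError("passphrase + 10-byte IV must fit RC4's 256-byte key")
    iv = os.urandom(10) if iv is None else iv
    return iv + rc4(passphrase + iv, plaintext)

def cs_decrypt(passphrase: bytes, message: bytes) -> bytes:
    """Split off the 10-byte IV and rebuild the same per-message key."""
    iv, body = message[:10], message[10:]
    return rc4(passphrase + iv, body)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample data: two "files of the same type" sharing a header.
PASS = b"correct horse battery staple"
FILE_A = b"BM-header-" + b"first picture payload "
FILE_B = b"BM-header-" + b"second image payload!!"

def reuse_leaks() -> bool:
    """Bare RC4, same key twice: ciphertext XOR equals plaintext XOR."""
    return xor(rc4(PASS, FILE_A), rc4(PASS, FILE_B)) == xor(FILE_A, FILE_B)

def iv_prevents_leak() -> bool:
    """Fresh IV per message: keystreams differ, so the relation no longer holds."""
    a, b = cs_encrypt(PASS, FILE_A), cs_encrypt(PASS, FILE_B)
    return xor(a[10:], b[10:]) != xor(FILE_A, FILE_B)
```

With the bare cipher the keystream cancels out, so anyone holding both ciphertexts learns the XOR of the two plaintexts without touching the passphrase; the per-message IV is what removes that relation.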
