I understand from the replies here that SimpleCrypt isn't secure, at least in the sense that with enough time the encryption scheme can be defeated. That's true for any scheme if you have infinite amounts of time and computers.
What I'd like to know is a realistic assessment of its insecurity. Dantz is saying it is secure enough for the majority of commercial uses. Is the average script kiddie going to find SimpleCrypt easy to crack? Really I'm trying to make a risk assessment. Of course I restrict access to my tapes, but in one location I run backups, that's impractical.
If SimpleCrypt's encryption is defeatable by an expert in 24 hours, I'm definitely going to alter my security practices. That's the kind of risk assessment I'd like to find out. How easy is it to beat SimpleCrypt and/or DES?
On 2/27/01, Douglas K Wyman emailed about "Re: Encryption protection":
You're kidding, aren't you...? Better to think about moving away
from the canal and up to some high ground...or to a state that isn't
sliding into the ocean so soon...
Seriously, physical security should always be your first priority.
Suppose someone decides they don't like you, or gets curious, or
notices what a raging success you are and takes the tapes hostage
etc, etc, etc. Belt and braces, that's my policy.
Thanks for your reply. What I would like to know is what kind of computing
horsepower is necessary to crack SimpleCrypt's encryption protection?
If someone acquired a tape from me that was encrypted, what kind of
resources would it take to get into the data? What about DES?
Everyone on this list is probably familiar with some of the distributed
computing attempts to crack advanced encryption algorithms. What would it
take to crack SimpleCrypt?
If it turns out that the data is fairly easily accessible to someone with
advanced hacking skills, I'll start locking my tapes up and taking other
> From: Eric Ullman <[EMAIL PROTECTED]>
> Reply-To: "retro-talk" <[EMAIL PROTECTED]>
> Date: Mon, 26 Feb 2001 07:51:00 -0800
> To: retro-talk <[EMAIL PROTECTED]>
> Subject: Re: Encryption protection
> Good question, Todd.
> Basically, Retrospect's SimpleCrypt encryption method is faster than DES,
> but the tradeoff for speed yields a less robust encryption scheme.
> Conceivably, it would take less time to decipher data that had been encoded
> with SimpleCrypt than with DES (or some other strong encryption method).
> Encryption should never be relied on as the sole means of keeping your data
> from unwanted access. It should always be used in conjunction with physical
> security measures. Any data important enough to worry about someone cracking
> its encryption method is important enough to restrict access to.
> One benefit of backing up computer data to compact, removable media is that
> it is relatively easy to collect and store in a secure location. Don't
> dismiss this advantage.
> I hope this helps.
> Eric Ullman
> Dantz Development
> Todd Reed <[EMAIL PROTECTED]> wrote:
>> On a mailing list I inhabit, the quality of Retrospect's encryption
>> was challenged as being inadequate. The comment was that neither DES
>> or Dantz' proprietary Vernam cipher would be secure from a serious
>> attempt to retrieve stolen backup data.
>> What's the scoop here? I've been running on the assumption that if I>> lost a tape under mysterious circumstances that the information would>> be unrecoverable.>>>> How does SimpleCrypt compare to DES and how hard would someone have
>> to try to break the encryption?
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives: <http://list.working-dogs.com/lists/retro-talk/>> Search: <http://www.mail-archive.com/retro-talk%40latchkey.com/>>> For urgent issues, please contact Dantz technical support directly at> [EMAIL PROTECTED] or 925.253.3050.------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
For urgent issues, please contact Dantz technical support directly at
[EMAIL PROTECTED] or 925.253.3050.