Re: Another Snake Oil Candidate
I'm a beta-tester for it, and while I can understand a small twitch when they talk about miltary and beyond military levels of security, it is very cool. It has hardware encryption and will erase itself if there are too many password failures. I consider that an issue, personally, but it appeals to people. The reason I consider it an issue is that I have had to use a brain-dead-simple password I'm not going to forget because if I get cute and need to try a number of things, poof, I'm dead. Yeah, it's using AES CBC mode, but that's a good deal better than a lot of encrypted drives that are using ECB. It also has their own little suite of Mozilla plus Tor and Privoxy for browsing and they've set it up so that you can run that on another computer from the drive. It's not bad at all. My only real complaint is that it requires Windows. Jon - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Another Snake Oil Candidate
Hi Jon, On Sep 11, 2007, at 5:35 PM, Jon Callas wrote: I'm a beta-tester for it, and while I can understand a small twitch when they talk about miltary and beyond military levels of security, it is very cool. It has hardware encryption and will erase itself if there are too many password failures. I consider that an issue, personally, but it appeals to people. The reason I consider it an issue is that I have had to use a brain-dead-simple password I'm not going to forget because if I get cute and need to try a number of things, poof, I'm dead. Yeah, it's using AES CBC mode, but that's a good deal better than a lot of encrypted drives that are using ECB. It also has their own little suite of Mozilla plus Tor and Privoxy for browsing and they've set it up so that you can run that on another computer from the drive. It's not bad at all. My only real complaint is that it requires Windows. The IronKey appears to provide decent security while it is NOT plugged into a PC. But as soon as you plug it in and you have to enter a password to unlock it, the security level quickly drops. This would be the case even if they supported Mac OS or *nix. As I stated in my response to Jerry Leichter, in my opinion, their marketing department is selling snake oil. Regards, Aram - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Rare 17th century crypto book for auction.
A rare 17th century crypto book is being auctioned. http://www.liveauctioneers.com/item/4122383/ Hat tip: Bruce Schneier's blog. Perry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Rare 17th century crypto book for auction.
On 12 September 2007 19:28, Steven M. Bellovin wrote: On Wed, 12 Sep 2007 09:28:51 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: A rare 17th century crypto book is being auctioned. http://www.liveauctioneers.com/item/4122383/ As I commented to Bruce, see what Kahn says about it: But the work, while containing some cipher systems, mainly defends the occultism of Trithemius. Sure, that's what the *ciphertext* says g cheers, DaveK -- Can't think of a witty .sigline today - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Another Snake Oil Candidate
Hi, On 12/09/07 08:56, Aram Perez wrote: The IronKey appears to provide decent security while it is NOT plugged into a PC. But as soon as you plug it in and you have to enter a password to unlock it, the security level quickly drops. This would be the case even if they supported Mac OS or *nix. As I stated in my response to Jerry Leichter, in my opinion, their marketing department is selling snake oil. I think there is a difference between a product that is susceptible to an attack and the pure distilled 100% natural snake oil, as we usually define it. Indeed, the encrypted USB token is susceptible to sniffing of the password on the PC where it is entered. But in my opinion this is not the type of flaw that snake oils the product, because: 1. It's a limitation that also exists in the state of the art products of its type. That is, nobody could ever do better (I think). 2. It therefore does not reflect complete lack of understanding on the developer's side... So perhaps it's not pure snake oil but just a product with an attack vector; most products have at least one. Actually, this product is (almost) the first one that I saw which actually bothers to deal with the brute-force attack vector, which does exist in many other similar products. So it's not perfect, and I would certainly not bet my life on it, probably not even my life's data, but it's reasonable. Hagai. -- Hagai Bar-El - Information Security Analyst T/F: 972-8-9354152 Web: www.hbarel.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]