Re: Odd behavior of CryptoSMS; was: Re: My my, how time flies ...... it's been about "1 hour"


sci.crypt archive


From: <arachnidster@gmail.com>
Date: Wed Sep 07 2005 - 03:04:41 CEST

Crypto@S.M.S wrote:
> > Compounding the problem, to launch a pass-phrase search, all the
> > attacker needs from the users is CryptoSMS ciphertext. According
> > to descriptions appearing to be from a CryptoSMS insider, the
> > symmetric key is derived from the pass-phrase, without the use
> > of local-stored cryptovariables, nor key-amplification
> > techniques, nor public-key methods.
> >
>
> By key-amplification, do you mean salting and stretching?
> If so, please note that CryptoSMS does both.

And yet you've never disclosed how CryptoSMS does this. How is anyone
supposed to attack your scheme to test its security if you don't fully
reveal how it encrypts messages, let alone release the relevant source?

> CryptoSMS uses pass phrases because it does not store key rings.
> Hence no public key crypto. For reasons discussed before, and
> re-mentioned recently in this thread.
>
> You are jumping to conclusions when you write "cryptographic
> incompetence", particularly since you don't know me or my experience.

The result, as pointed out, is that the passphrase can be brute-forced
from ciphertext.
Received on Thu Sep 29 21:53:05 2005
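
The "salting and stretching" debated in this message, sketched as an added example: it is not part of the original post and not CryptoSMS code, whose scheme is not disclosed in this thread. PBKDF2-HMAC-SHA256, the iteration count, the function names and all sample figures are assumptions chosen for illustration.

```python
import hashlib
import os

ITERATIONS = 200_000  # assumed work factor, not taken from the thread


def unsalted_key(passphrase: str) -> bytes:
    """No salt, no stretching: one hash per guess, same key for every user."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted and stretched key: PBKDF2-HMAC-SHA256 (assumed KDF for this sketch)."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32
    )


def expected_search_seconds(entropy_bits: float, prf_calls_per_second: float,
                            iterations: int = 1) -> float:
    """Average time to find a pass-phrase of the given entropy: half the
    space, times the PRF calls each guess costs. Treats one plain hash and
    one PBKDF2 iteration as equal cost, which is an approximation."""
    return (2 ** (entropy_bits - 1)) * iterations / prf_calls_per_second


if __name__ == "__main__":
    phrase = "correct horse"  # constructed sample pass-phrase
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # per-message random salts

    # Without a salt, everyone using this phrase gets the same key, so work
    # spent on candidate keys carries over to every ciphertext.
    print("unsalted keys equal:", unsalted_key(phrase) == unsalted_key(phrase))

    # With a salt, the same phrase yields unrelated keys per message.
    print("salted keys equal:  ",
          stretched_key(phrase, salt_a) == stretched_key(phrase, salt_b))

    # Constructed figures: 30-bit pass-phrase, 1e9 PRF calls per second.
    print("single hash, seconds:", expected_search_seconds(30, 1e9))
    print("stretched, seconds:  ", expected_search_seconds(30, 1e9, ITERATIONS))
```

Stretching multiplies the cost of every guess by the iteration count but adds no entropy, so a weak pass-phrase remains searchable from ciphertext, only more slowly.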