Re: Newbie naive question, perhaps - - be kind

"Arthur" <Art7@att.not> wrote in message
news:_v94f.436759$5N3.333722@bgtnsc05-news.ops.worldnet.att.net...
> I'm merely a potential end user of some form commercial encryption
> program primarily to protect some sensitive psychiatric case histories
> (as well as other files) from the curious eyes of the computer service
> kids. Although the 2 questions I have show my naivety in the field of
> cryptography and may sound simpleminded, this group seems to have the
> source of the best answers. Doing a bit of "homework," I found little
> help* in reviewing several months of posts here (too technical for me)!
>
> 1) Some of the commercial programs, such as Cryptainer, seem to suggest
> that their encryptions are essentially unbreakable: trillions of years
> of computer time would be required to break their Blowfish and AES
> encryption schemes in the program. Yet they suggest long passwords or
> pass phrases to make hacking these passwords "more difficult." They
> encouraged written questions from potential buyers, but have not
> answered my question: isn't the program as weak as its weakest link,
> e.g. the password?? ("Wheel of Fortune" comes to mind: "I'll buy a vowel,
> please.)

Yes - if you have a simple password, it will be broken.

You can expect the makers of the software to try to hype up their product,
by giving misleading information. By example, assume they are using a 128
bit keys. This claim that they are making is probably based off mean time
to find a key in 128 bit space assuming the 128 bit key is completely
randomly generated. And it would be a lot more than trillions of years ;)

But unfortunately that is not how it works. You will essentially be
entering a password, and the password be turned into a 128 bit value by a
hashing function.

> 2) if these encryption schemes are so unbreakable, and commercially
> available, why haven't I heard news items describing "terrorists" and
> their use of unbreakable encrypted e-mail ("tomorrow at 10:15, Sidney,
> we light the fuse")? Can I assume that "hackability" or unbreakability
> is merely a matter of degree, and that the police or local computer
> repairman will in all likelihood be intrigued in my newly encrypted data
> files and e-mail and therefore try all the harder to see what's within?

The way I understand it, is the the NSA keeps all information related to
this field secret.

While an encrypted email may not be able to be deciphered - if can still be
intercepted and identified as an encrypted message.

Like you said, it all comes down to the weakest link in the chain. But
ever measure has a counter measure as well.

It seems to me though, that the current terrorists, at least - have adopted
a mistrust for any kind of technology. And rightly so! If the government
can't decipher the messages, they will find another way to figure out what
is going on. Bugging/Remote Monitoring/Viruses etc.

Measures have counter measures, and it would seem that neither the
terrorists, nor the government are dumb. It is a war, and it would be
stupid for eiehter side to admit what their defenses and weapons are.

-- 
"It's better to have rocked and lost than never to have rocked at 
all." -John Flansburgh