
Comment It's quite usable actually (Score 1) 169

I've seen a lot of criticism posted here. Things are not as bad as many posters would like you to imagine. The proggy is quite usable. Just make sure to encrypt all your HardEncrypt'ed messages with PGP and you will be OK. So, it has to be a two-step process:
  1. Use HardEncrypt to encrypt your message.
  2. Re-encrypt the message obtained at Step 1 with PGP.

I challenge anyone to demonstrate that this modified scheme is insecure.
There are two main reasons why you can safely eliminate Step 1. Number one, many of the previous posts have successfully demonstrated, beyond any reasonable doubt, the author of HardEncrypt to lack necessary crypto expertise. Number two, even if he'd had that expertise, OTP schemes are not practical anyway. To elaborate, consider the following points:
  • Audio files are not random. Good one-time pads are generated using machines based on nuclear radioactive decay. This process is believed - but not known! - to be truly random (whatever that means) or, at least, unpredictable. Audio files don't even come close.
  • Key management is a bitch. It always is. With HardEncrypt, it is a bitch of epic proportions, all clueless comments to the contrary notwithstanding.
  • C'mon guys, get real!
    Are we engaged in a theoretical discourse here, or are we discussing a practical matter? The theoretical aspect of this discussion was closed a long time ago. The verdict? Truly random one-time pads provide for unbreakable encryption. Note that all comments made by Roblimo about NP-hardness, NP-completeness, or undecidability of the problem are irrelevant, as one of the ACs rightly pointed out. So much for the theoretical foundation.

    As a practical matter, who do you think is going to try to decrypt your piddly emails? For any organization but NSA and its international counterparts, as well as some major corporations, the task of cryptanalysing your PGP-encrypted mail is well beyond its budget. Now, try to think in terms of cost-benefit analysis. For all intents and purposes, if any powerful institution were ever to get really curious about the contents of your emails, it would be much cheaper for them to ask you nicely to surrender the key. I mean, real nicely.

The bottom line is, use PGP and get a copy of Applied Cryptography by Bruce Schneier, if you haven't already done so.
