Newsgroups: sci.crypt
Path: msuinfo!caen!zaphod.mps.ohio-state.edu!qt.cs.utexas.edu!cs.utexas.edu!uunet!shearson.com!newshost!pmetzger
From: pmetzger@snark.shearson.com (Perry E. Metzger)
Subject: Re: Reply to respondents re pd encryption software
In-Reply-To: naga@wet.UUCP's message of 2 Feb 92 11:24:09 GMT
Message-ID: <PMETZGER.92Feb3185120@snark.shearson.com>
Followup-To: sci.crypt
Sender: news@shearson.com (News)
Reply-To: pmetzger@shearson.com
Organization: Lehman Brothers
References: <3281@wet.UUCP>
Distribution: usa
Date: Mon, 3 Feb 1992 23:51:20 GMT


   from naga@wet.UUCP (Peter Davidson)

   > C> A:
   > A> des -e < plaintext > ciphertext

   Well, no, what I had in mind was encrypting not simply files on floppy
   disks but *whole* floppy disks - all the data in every sector.

On my sun...

des -e </dev/fd >ciphertext

   > |> 8.  Does the software provide means for producing a permanent record of its
   > |> operations, providing information about the files being encrypted or
   > |> decrypted?
   >
   > You mean, like some sort of audit record that anybody could read that
   > would list the encrypted files and the appropriate keys? No, I guess I
   > forgot to add this feature. Mea culpa.

   Did I say that the record should include the keys?  This is another example
   of (conveniently) seeing idiocy where it does not exist.  (Phil is not
   alone in this.)  The record should include only such information as dates,
   names and file sizes - helpful in a situation where a large amount of data
   encryption and decryption is being performed.

You mean, like

typescript

or if that isn't enough, prehaps a three line wrapper script like

#!/bin/sh
echo encrypting $1 into $2 >>/var/adm/cypherlog
des -e <$1 >$2

I can't believe that ANYONE would be stupid enough to pay money for
such a thing, but obviously you take us for fools.

   His remark is clearly meant sarcastically but is actually true of
   cryptosystems that are to be used a corporate environment:

	   "What happens if an employee is sick or is killed or is fired and
       refuses to restore the encrypted files?  With many packages it is
       impossible to recover the files.  This interrupts work flow and is
       costly, especially if the files cannot be restored from other data.

	   "On the other hand, there are some packages that provide for an
       'emergency' key usable only by the security administrator.  He or she,
       using a special recovery program, is able to decipher any file without
       knowing the original password.  This, we believe, is one essential
       element that must be included in any package selected."

		   - H. J. Highland, FICS, "How to Evaluate Microcomputer
		   Encryption Software and Hardware", Computers & Security,
		   Vol. 6, No. 3, June 1987, pp.229-244.


All you have proven, sir, is that H. J. Highland of FICS is suffering
from the same disease you are, to whit, severe lack of understanding
of the requirements of cryptosystems. I don't care if the man has a
PhD in mathematics; he is obviously untrustworthy from the start.

NO ENCRYPTION SYSTEM THAT HAS A TRAPDOOR CAN BE TRUSTED. PERIOD.
THE WHOLE POINT OF ENCRYPTION IS TO MAKE FILES UNRECOVERABLE.

If there is a trap door, in no sense is your data actually secure.
If you need to keep your keys safe, use a safe or a safe deposit box
at a bank. Don't by crappy software with such "features".

   I think I have at least stimulated some thoughts as regards the
   requirements of cryptographic software in non-military
   applications.

No you haven't. You've wasted bandwidth. I suspect that you neither
understand cryptography nor the concept of "requirements". The
universal derision of your remarks should be some clue as to how
little of value they contained.

   And I don't object to lively debate.  Having followed sci.crypt for
   18 months now I know the discussions can occasionally become rather
   dry and abstract.  Not to mention *humorless*.

I'm afraid that there are no great stand up mathematicians. If comedy
is what you seek, I suggest rec.humor.funny.

   Lighten up, folks!

I'm afraid you don't understand. We don't find you amusing.

There are large numbers of people on this list who's PROFESSION is
cryptography. There are also large numbers of people on this list,
such as myself, who have spent considerable effort studying the
subject. Then, someone like yourself comes in here, obviously trying
to sell a product (of dubious quality), and obviously lacking any
semblance of understanding of the field in which he is trying to sell
that product.  In short, you are garnering derision because the rest
of us find that you have an embarassing lack of knowledge of the
field. You are much like the fellow who finds a bag of scalpels and
decides to call himself a surgeon. You are at best a buffoon, and
dangerous at worst.


Perry Metzger
--
--
Perry Metzger		pmetzger@shearson.com
--
HELLO, I'm a more persuasive signature virus!  Join in the fun and copy me 
into yours!  C'mon, it's really fun!  And such a cool concept, too!  That's
it, just snip me out of this letter and append me to your .sig...PLEEEEZE??
