8 February 2001
These respond to the Cryptome product reference "Top Secret Crypto" http://www.topsecretcrypto.com
Additional responses welcomed. IDs deleted by Cryptome.
The original message to Cryptome:

From: "MacGregor K. Phillips" <[email protected]>
To: <[email protected]>
Subject: Top Secret Crypto
Date: Wed, 7 Feb 2001 19:34:52 +0800

Dear Sir,

After visiting your web site I thought you might be interested in Top Secret Crypto, a program I have written. For more information visit www.topsecretcrypto.com. If you want to evaluate the program just let me know and I will e-mail you a copy.

Sincerely,
MacGregor K. Phillips
Date: Wed, 7 Feb 2001 17:34:35 -0800
From: "david"
To: <[email protected]>
Subject: Top Secret Crypto

If you care about security, how can you push code that doesn't even come with source code? The more I read the ad, the more it sounded like SNAKE OIL.

DAVE
To: "david"
From: John Young <[email protected]>
Date: Wed, 07 Feb 2001 20:45:37 -0500
Subject: Top Secret Crypto

Dave,

I know, I plead guilty; the name and promo and solo act just seemed funny and gutsy, over-the-top snake oil. Usually I don't promote any commercial products, not least because most of them blow more shinola than TS Crypto, but dressed in sleazy corporate grey flannel. To be sure, TS may be a corporate scam.

John
Date: Wed, 7 Feb 2001 18:05:04 -0800
From: "david"
To: John Young <[email protected]>
Subject: Re: Top Secret Crypto

Over the years I have written to you several times (different address). I am a retired electronic engineer; I worked at [US Navy's] China Lake for 26 years. Crypto has always interested me. My own code is considered snake oil by the so-called crypto gods. But I would be happy if you checked out my web page sometime. I wrote scott16u and scott19u. The web site is http://members.nbci.com/ecil/index.htm

My other hobby is compression, especially compression that is used before encryption, and I have several pages there on my compression methods.
Date: Wed, 7 Feb 2001 16:33:21 -0800
From: SS
To: [email protected]
Subject: Top Secret Crypto

*** BEGIN PGP DECRYPTED/VERIFIED MESSAGE ***

Far be it from me to say you shouldn't list something interesting on Cryptome. But... Did you have an indication that their product is really something exciting?

I am always cautioned in these matters by the wise and regularly repeated comments of Bruce Schneier:

http://www.counterpane.com/crypto-gram-9902.html - "Snake Oil"
http://www.counterpane.com/crypto-gram-9904.html - "Importance of Not Being Different"
http://www.counterpane.com/whycrypto.html - "Why Cryptography is Harder Than It Looks"
http://www.interhack.net/people/cmcurtin/snake-oil-faq.html - "Snake Oil FAQ"

etc. Schneier has been harping for years on the point that reasonable security requires published, peer-reviewed systems. And there are tons of companies with their own idiosyncratic cryptosystems, and almost all of them are no good at all, and there is no opportunity for anyone to _know_ whether or not they're any good.

In cryptography as in other parts of mathematics, it's a big red flag when somebody says "I've been working on this all by myself for 20 years and not in touch with the community". The problem is of course not that independent and self-taught researchers are stupid, but that it's easy to misunderstand the nature of a problem, or how to recognize the validity of a potential solution. _That_ part is so difficult that only a tiny handful of mathematicians have ever been able to do it on their own -- like Srinivasa Ramanujan, and nobody else I can think of. Even the great misanthropes and hermits (not Hermites) of mathematics tended to correspond and try to understand and critique one another's work.

It's really easy to invent a cryptosystem (I've done it!) and really hard to invent a secure one. Even understanding what's meant by a secure cryptosystem is a very difficult matter: why is one 64-bit system "more secure" than another, or 64-bit RC5 stronger than 1024-bit RSA? Why is a one-time pad "perfectly secure" and no other cryptosystem ever perfectly secure? I can _almost_ answer those questions, conceptually, and the math is still a challenge, though I'm working on it and I love to hang out with cryptographers. But the prospects are not really very good for those who work in isolation. And that's the case with almost all of these small (like one-person) companies which have developed their own idiosyncratic cryptosystems.

And indeed Schneier and his colleagues like Matt Blaze, Ian Goldberg, David Wagner, and Marc Briceno have been completely willing to "put their money where their mouth is" by repeatedly breaking these idiosyncratic, proprietary, or non-peer-reviewed systems. You know all about lots of those stories; the common thread has been that somebody decided to invent or use a cryptosystem "from scratch" without letting the community of cryptographers poke at it. And of course this is the story behind Andreas Bogk's improvements to DeCSS, etc.: once the CSS algorithm became known, it turned out that it was a really weak system and could be broken in a very straightforward way. But for some weird reasons of their own, the DVD CCA decided to create their own special algorithm instead of using something peer-reviewed and time-tested. And they lost, or at least we're hoping that they lost.

Now actually looking at the web page that prompted me to write this, I immediately see a problem:

"For its conventional encryption algorithm it uses the One Time Pad Encryption System, which is considered Unbreakable in Theory and Practice when used correctly."

Unfortunately, from this sentence alone we know that this product is _not_ using one-time pads correctly! The theorem that says that one-time pads are unbreakable stipulates that you have a perfect key-exchange mechanism. But the fact that this is a "conventional encryption algorithm" inside a larger product requires that they have some kind of key exchange, and if they're going to provide that in software it's not going to be perfect. Sure enough, the web site says "uses the RSA Public Key Encryption Algorithm", which is a well-known key-exchange method which is well known _not to be perfect_. And its inventors never claim that it is perfect, just that it's useful. But you'll never hear any claim from Rivest, Shamir, or Adleman that RSA is "Unbreakable", just that it's infeasible to break on average by any known method using any known computer system. And they can potentially show that if certain math results are true, it will be permanently infeasible on any sequential computer.

OK, so to use OTPs "correctly" you have to have a perfectly secure key exchange, which RSA is not. So immediately the OTP is being used incorrectly and is no longer Unbreakable in either Theory or Practice. That doesn't mean that Top Secret Crypto is any _less_ strong than something like GPG; but it shows that the author has some issues that he might want to address before claiming his software is in a league of its own.

--
[Sig omitted]

*** END PGP DECRYPTED/VERIFIED MESSAGE ***
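An added illustration of the point SS makes above, not part of any message in this thread: an XOR one-time pad is perfectly secret only while the pad is as long as the message, fresh, and unpredictable to the attacker, so once the pad has to be produced or carried by a mechanism with bounded entropy, the strength of the whole system is the strength of that mechanism, not of the pad. The 16-bit seed and the LCG pad generator below are constructed for this example as a stand-in for a breakable key-exchange step; they are not Top Secret Crypto's design.

```python
import os
from typing import Optional


def otp(data: bytes, pad: bytes) -> bytes:
    """XOR one-time pad: the same operation encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(data, pad))


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Perfect secrecy made concrete: for ANY candidate plaintext of the right
    length there is a pad that maps it to this ciphertext, so the ciphertext
    alone rules nothing out. This only holds while the pad is unpredictable."""
    return otp(ciphertext, candidate)


def pad_from_seed(seed: int, length: int) -> bytes:
    """Constructed toy pad generator (not a real design): a 16-bit seed, the
    kind of secret a key exchange might carry, stretched by an LCG into a pad
    of any length. The pad is long, but it holds only 16 bits of secret."""
    out, x = bytearray(), seed & 0xFFFF
    for _ in range(length):
        x = (1103515245 * x + 12345) & 0xFFFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


def recover_seed(ciphertext: bytes, known_prefix: bytes) -> Optional[int]:
    """With the pad fixed by a 16-bit seed, anyone who can guess a few plaintext
    bytes (a fixed header, say) has only 65536 pads to try, whatever the length."""
    n = len(known_prefix)
    for seed in range(1 << 16):
        if otp(ciphertext[:n], pad_from_seed(seed, n)) == known_prefix:
            return seed
    return None


def demo():
    msg = b"MEET AT NOON"
    # 1) a real OTP: fresh random pad, as long as the message, delivered perfectly.
    ct = otp(msg, os.urandom(len(msg)))
    decoy = b"WAIT IN CARS"  # same length: an equally valid pad "explains" it
    assert otp(decoy, pad_explaining(ct, decoy)) == ct
    # 2) an "OTP" whose pad is determined by 16 bits: unbreakable in name only.
    ct2 = otp(msg, pad_from_seed(0xBEEF, len(msg)))
    seed = recover_seed(ct2, b"MEET AT ")
    return seed, otp(ct2, pad_from_seed(seed, len(msg)))
```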
Date: Thu, 8 Feb 2001 04:26:17 -0500 (EST)
From: DL
To: [email protected]
Subject: top secret crypto

oy, all of these one-time-pad implementations are a load of bullshit.