08-03-2007, 11:00 AM
|
|
Contributing Editor
Join Date: Feb 2007
Posts: 3,111
|
|
SFR Software Releases visCrypt
"visCrypt is a program for your Pocket PC to encrypt and decrypt any files and documents. You can secure any documents in the internal memory and on memory cards comfortably with visCrypt. Even saving of whole folders and subfolders is done quickly. Everything is safe with just a few clicks!"
When you're dealing with confidential information, a utility like visCrypt would come in handy - let's face it, theft of smartphones and PDAs are a potential hazard that we all have face, and not everyone has the backing of a corporate IT department willing and able to remotely wipe your device (which would require WM6 anyway). With visCrypt, this becomes less of an issue, if your main concern is the privacy of your data. You can download an unrestricted 30-day trial or purchase for �9.95 through SFR's website.
__________________
"A planner is a gentle man, with neither sword nor pistol.
He walks along most daintily, because his balls are crystal."
|
| |
|
|
|
08-03-2007, 03:52 PM
|
|
Philosopher
Join Date: Apr 2002
Posts: 574
|
|
Regarding the comment in the article: please observe that remote wipe works in WM5 as well. Remote wipe and encryption of memorycards was introduced in WM6. Given, most data is stored on the memorycard and not in internal memory.
Regarding the product: why was TwoFish chosen as encryption-algorithm while it lost the AES competion to the Rijndael (now called AES) algorithm? This tends to hint on a weaker algorithm.....
Jaap
|
| |
|
|
|
08-06-2007, 11:40 AM
|
|
Pupil
Join Date: Jun 2004
Posts: 17
|
|
Quote:
|
Originally Posted by JvanEkris
Regarding the product: why was TwoFish chosen as encryption-algorithm while it lost the AES competion to the Rijndael (now called AES) algorithm? This tends to hint on a weaker algorithm.....
Jaap
|
Twofish does not have any known weaknesses compared to AES (Rijndael).
The difference may be laying in few less encryption performance in
hardware implementations of Twofish, which is not relevant in this case.
SFR is using Twofish encryption in several of their products and it has
proven as a robust and fast algorithm.
|
| |
|
|
|
08-06-2007, 01:15 PM
|
|
Philosopher
Join Date: Apr 2002
Posts: 574
|
|
Quote:
|
Originally Posted by Tomcat
Twofish does not have any known weaknesses compared to AES (Rijndael).
|
That's can also be due to the fact that since Rijndael became a AES standard, they became the prime target of many scientific crypt-analysts (thus being heavily tested) and Twofish's use is marginal at best and isn't subject of study in any scientific research I've seen (and thus basically untested).
Jaap
|
| |
|
|
|
08-06-2007, 01:35 PM
|
|
Pupil
Join Date: Jun 2004
Posts: 17
|
|
Quote:
|
Originally Posted by JvanEkris
Quote:
|
Originally Posted by Tomcat
Twofish does not have any known weaknesses compared to AES (Rijndael).
|
That's can also be due to the fact that since Rijndael became a AES standard, they became the prime target of many scientific crypt-analysts (thus being heavily tested) and Twofish's use is marginal at best and isn't subject of study in any scientific research I've seen (and thus basically untested).
Jaap |
Nevertheless: No known weaknesses !
Thomas
|
| |
|
|
|
08-06-2007, 02:21 PM
|
|
Philosopher
Join Date: Apr 2002
Posts: 574
|
|
Quote:
|
Originally Posted by Tomcat
Nevertheless: No known weaknesses !
|
To put it more bluntly: there probably are no publicly known weakenesses because - Nobody with a rightous scientific motive is looking at it
- If somebody was, he did not get his findings published since his work is insignificant to the progress of te field (since it is an insignificant algorithm in terms of application)
So basically it can't be trusted because it is an encryption algorithm that did not pass a long and enduring scientific investigation (please be reminded that algorithms like SHA en MD5 were seriously comprimised after decades!).
So it is NOT an algorithm that has no publicly know weakenesses because it is a strong algorithm, it is an algorithm that has no publicly known weaknesses because nobody cares. That is a difference: it does NOT mean that the algorithm isn't/can't be compromised with the current state of the art of technology. It simply means that all the tricks applied to AES etc. haven't been tried on it.
So it might be an extremely weak algorithm with the current state of crypt-analysis, but nobody who is hones cares or is capable of publication. It does not mean that the bad people don't care or are incapable of craking it.
Jaap
|
| |
|
|
|
08-06-2007, 03:04 PM
|
|
Pupil
Join Date: Jun 2004
Posts: 17
|
|
Quote:
|
Originally Posted by JvanEkris
Quote:
|
Originally Posted by Tomcat
Nevertheless: No known weaknesses !
|
To put it more bluntly: there probably are no publicly known weakenesses because - Nobody with a rightous scientific motive is looking at it
- If somebody was, he did not get his findings published since his work is insignificant to the progress of te field (since it is an insignificant algorithm in terms of application)
So basically it can't be trusted because it is an encryption algorithm that did not pass a long and enduring scientific investigation (please be reminded that algorithms like SHA en MD5 were seriously comprimised after decades!).
So it is NOT an algorithm that has no publicly know weakenesses because it is a strong algorithm, it is an algorithm that has no publicly known weaknesses because nobody cares. That is a difference: it does NOT mean that the algorithm isn't/can't be compromised with the current state of the art of technology. It simply means that all the tricks applied to AES etc. haven't been tried on it.
So it might be an extremely weak algorithm with the current state of crypt-analysis, but nobody who is hones cares or is capable of publication. It does not mean that the bad people don't care or are incapable of craking it.
Jaap |
Find out more about crypt-analysis on twofish and other
AES finalist algorithms here:
http://www.schneier.com/paper-twofish-final.pdf
Thomas
|
| |
|
|
|
08-06-2007, 03:35 PM
|
|
Philosopher
Join Date: Apr 2002
Posts: 574
|
|
Quote:
|
Originally Posted by Tomcat
|
You are aware that this is a document that is 7 years old. It is also written by one of its designers. Although most crypto-designers are extremely intelligent, most attacks are found by people typically not on their design team.
Seven years is a huge time in cryptography. Some more recent analysis with more recently discovered atack vectors might be more convincing, but there are newer ways to attack blockciphers in general that also might apply to TwoFish as well. None of these are tested and published by honest people (and we will probably never know about dishonest people until it is too late).
As one of the co-designers mentions in a discussion:
Quote:
>Which is better: Rijndael or Twofish in terms of security and speed?
>How good do they compare?
My advice would be to use AES, not Twofish, unless there is some special
requirement that makes AES unsuitable. There's nothing particularly
wrong with Twofish -- I'm pleased with the design and how it has held
up -- but I think AES is even better, and AES is receiving more scrutiny
than any of the other finalists. This gives a powerful reason to prefer
AES over Twofish (or any of the other finalists, including Serpent,
for that matter).
Full disclosure: I was a co-designer of Twofish, so I'm probably biased.
|
I think, comming from one of the designers, is a pretty indicator why TwoFish shouldn't be used.
Jaap
|
| |
|
|
|
|
|
|
Linear Mode
