The Testing Area :: June Extensions



Quote (lucky13 @ June 20 2007,13:23)
How did you try it? I have it installed on a USB stick with PortableApps so I can use it between OSes. I've had no trouble with either Linux or Windows versions. I've set it up in an appdir in rox desktop so I only have to drag files onto it and a terminal pops up and prompts me for pass phrases.

I downloaded version 4.1.1 with libraries to an XP. It worked encrypting new files, but wouldn't decrypt files brought over from my linux machine.  I haven't tried the older version.  

EDIT: Which version are you using with PortableApps?
Versions: bcrypt (recent) is 1.1, zlib.dll 1.1.4 (was included in the Win32 binary from the official bcrypt page). I have brypt installed both as a PortableApp and on my XP box. Both work flawlessly and seamlessly with all files from Linux and BSD.
lucky: Bcrypt uses 448-bit key, the strongest Blowfish supports..
Quote (lucky13 @ June 21 2007,06:09)
Versions: bcrypt (recent) is 1.1, zlib.dll 1.1.4 (was included in the Win32 binary from the official bcrypt page). I have brypt installed both as a PortableApp and on my XP box. Both work flawlessly and seamlessly with all files from Linux and BSD.

Ah...that explains it.  Version 1.1 is from 2002.  The latest is 4.1.1  EDIT: 1.1 works!  
http://www.encryptsolutions.com/english/download/windows.html
Quote
You're correct ... you're also correct ..


I know I'm correct  :=)  (Just kidding! I occasionally do put my foot in it ... not this time)

Seriously, getting into a discussion abut the quality of an encryption app is very difficult for non-experts, which is probably most of us here (certainly me).

Even the experts and so-called "experts" get it wrong sometimes, and there's quite a lot of politics involved.  It can be quite hard to get definitive opinions.  About the only thing everyone seems to agree on is that gnupg/pgp is the standard.

That, and that users focus too much on ciphers and key lengths and not enough on the implementation and system and what happens to keys and  plaintext, including, as lucky13 says, using a decent password.

I was horrifed once to read an article in Linux Journal a few years ago by a so-called expert who laid out a scheme for encrypting the root filesystem on one's laptop using dmcrypt and a single-line unencrypted key on the usbstick.  If the usbstick gets into the attacker's hands, then that scheme is useless. A really bad, uninformed article.

About the best a non-expert can do is to google and look for criticisms of the particular prog or ways to use it better.

An instructive example is to follow the historical email list war between the dmcrypt/cryptsetupLUKS folk and loop-aes.  Mucho nastiness all round, but to my mind loop-aes came out as the clear winner because Jari Ruusu, the loop-aes developer, fired off a range of serious criticisms of the implementation of dmcrypt (and cryptoloop and truecrypt)  that all turned out to be correct.  But for a while, the dmcrypt developers, who were way behind loop-aes in terms of their development status (I think still are) and I think rather defensive, denied it all with FUD, said loop-aes was actually spreading FUD, and that the weakness described was not significant.  But in encryption, there's really no such things as an insignificant weakness per se, that's only something that makes sense in the context of a threat model.  Anyway they eventually moved to address some of Jari's criticisms.  Truecrypt acted much faster - in fact they responded to a similar criticism very fast indeed.  This is a bit of simplification of the whole story,otherwise I'd be typing here forever.

But you'll find people who'll say all this is back to front :=)
Next Page...
original here.