On 25 Mar 2010 11:25:21 GMT, Thomas Pornin<pornin@bolet.org> wrote,
quoted or indirectly quoted someone who said :
The point is that publishing some crypto code without any warning about
its potential weaknesses has a high potential for being harmful. That's
the problem with cryptography: you cannot test the security. Even if it
compiles and runs, you cannot know whether it is weak or not. I suggest
adding a "warning" section on the subject.
There are a number of warnings in the file transporter.use.
I have added this paragraph:
Design Philosophy
A major concern for anyone using any form of encryption is trusting
the author not to hide any trap doors in the code to snoop. He also
has to trust government and military experts not to withhold some
secret technique to crack a proffered encryption algorithm or
information about their advanced hardware abilities to crack codes
(e.G. some sort of quantum cracking). The problem is modern
cryptography is highly complex. What I have done is pare the
encryption logic down to the bone so that it would be simple enough
for the average Java programmer to understand line by line, and ensure
himself the program does exactly what it claims to. I used the
mathematically Spartan RSA algorithm. This means the program is
missing features like hybrid symmetric key, AES and chaining that
would have increased its speed and resistance to cracking. I have
also posted the source for anyone to examine. There are thus more
eyes looking for anything improper, possibly accidental. To verify my
code, you would also want to verify Java's secret key generator. If
in any way it were not secure, the whole encryption scheme would be a
house of cards. If you are a diplomat and need 100% unreachably, you
should probably not be using commercial software. Your people should
write your own one-time-pad software. The Soviets used a one-time
paper one time pad system successfully for years.
see http://mindprod.com/project/uncrackableencryption.html