Date: Thu, 12 Jul 2007 12:35:57 -0700
From: "David Schwartz" <davids@webmaster.com>
To: "Jim Capozzoli" <saltmiser@gmail.com>, Dag-Erling "Smørgrav" <des@des.no>
Cc: chat@freebsd.org
Subject: RE: ADVERT: C12G
Message-ID: <MDEHLPKNGKAHNMBLJOLKGEAIFEAC.davids@webmaster.com>
In-Reply-To: <86wsx5h487.fsf@dwp.des.no>

> I would strongly advise against using any cryptographic product based on
> an algorithm which was designed by an amateur and has never been subject
> to review or cryptanalysis.
>
> DES

There are what appear to me on quick inspection to be serious flaws in this software. For example, it uses RSA without proper padding. The website says "E-mail is encrypted using the RSA public-key cryptosystem thus eliminating security risks from symmetric ciphers." Any security expert will tell you that this raises immediate red flags. (And inspection of the code strongly suggests that it's as bad as it sounds.)

DS
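
An added illustration, not part of the original message and not code from the software under discussion: two general properties of RSA applied without padding that explain why a reviewer flags it. The key parameters, function names and sample values are constructed for the example; randomized padding such as OAEP (PKCS #1 v2) is what removes both properties.

```python
from typing import List, Optional

# Textbook (unpadded) RSA with constructed toy parameters: illustration only.
P = 2**61 - 1                        # Mersenne prime M61
Q = 2**89 - 1                        # Mersenne prime M89
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent


def to_int(msg: bytes) -> int:
    """Map a byte string straight onto an integer, with no padding."""
    return int.from_bytes(msg, "big")


def encrypt_raw(m: int) -> int:
    """c = m^e mod n, exactly as the textbook defines it."""
    if not 0 <= m < N:
        raise ValueError("message out of range for modulus")
    return pow(m, E, N)


def decrypt_raw(c: int) -> int:
    """m = c^d mod n."""
    return pow(c, D, N)


def confirm_guess(ciphertext: int, candidates: List[bytes]) -> Optional[bytes]:
    """Property 1, determinism: equal plaintexts give equal ciphertexts,
    so a candidate plaintext can be checked with the public key alone."""
    for cand in candidates:
        if encrypt_raw(to_int(cand)) == ciphertext:
            return cand
    return None


def scaled_ciphertext(ciphertext: int, factor: int) -> int:
    """Property 2, malleability: E(m) * E(k) mod n equals E(m * k mod n),
    so a ciphertext can be altered meaningfully without the private key."""
    return ciphertext * encrypt_raw(factor) % N


if __name__ == "__main__":
    c = encrypt_raw(to_int(b"no"))                     # constructed message
    print(confirm_guess(c, [b"yes", b"no"]))           # plaintext confirmed
    print(decrypt_raw(scaled_ciphertext(encrypt_raw(1000), 2)))  # doubled
```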