At 09:01 PM 5/22/2002 +0200, Axel H Horns wrote:

>http://www.steganos.com/en/cng/
>
>In view of its crypto properties, is "Steganos Crypt & Go" a usable
>alternative to PGP or GnuPG? Or is it snake oil?

I haven't used the software myself; but according to the webpage you mention, the software encapsulates messages in executable files which are to be run by the recipient. I believe that model is fatally flawed, for a number of reasons (not necessarily ranked in order of severity) -

1. Platform independence - what if the executable won't execute on your recipient's system? The marketing material at <http://www.steganos.com/en/cng/Crypt%20and%20Go%20-%20Flyer_en.pdf> says that it only runs on Windows systems. What if you want to correspond with someone who uses a Mac, or a Unix workstation, or runs a non-Windows OS on their PC hardware? Will the messages be readable in 10 years, even on a Windows system?

2. Private key encryption - it appears to use only private key encryption ("The recipient requires no special software, because Crypt & Go packages decode themselves after the password is entered."). This means that you've got to pre-arrange & manage keys to use with your correspondents, with all of the attendant hassles.

3. Execution of unsolicited, unknown programs - if the recipient doesn't have special software, how do they know that the executable they received (a) is really from you, and (b) is what it purports to be? What if it's email sent by a virus like Klez? An incoming message might be from a third party who had the two of you in his address book when s/he was infected. It's wildly irresponsible and reckless to run executables received unsolicited via email, which is exactly what Crypt-and-Go depends on. (In light of Klez and other email-forging viruses, it should be abundantly clear that it's not good enough to rationalize "well, I recognize the name of the person in the From: header, so I guess this is safe".)

Sure, a reasonable response to (3) is to install a virus scanner, and/or special crypto software which will authenticate the message before running the executable ... but if you've done that, you've abandoned the "no special software" marketing feature, and might as well just mail text documents back & forth, since you've got an authentication scheme you trust.

They say they use 128-bit AES - which sounds fine, if it's implemented appropriately - but even assuming a bulletproof AES implementation, the other aspects of the package make it, in my opinion, a danger to its users, who would be better served sending emails in the clear or faxes.

--
Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
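Added example, not part of the message above and not Steganos's code: a password-only ("private key") AES-128 package of the kind point 2 describes, written in stdlib Go so it runs offline. The package layout (random salt | random nonce | AES-128-GCM ciphertext and tag), the PBKDF2-HMAC-SHA256 key derivation and its iteration count are all assumptions chosen to show what "implemented appropriately" would at least have to mean; nothing is known about the real Crypt & Go format. What the example shows is the limit the message points at in point 3: a package like this opens only with the right password and rejects any modification, yet it carries no evidence of who built it. Anyone who has the shared password, including a third party it leaked to, produces a package that opens just as cleanly, so the "From:" line inside is worth no more than the one in the mail header.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Assumed package layout: salt (16) | nonce (12) | AES-128-GCM ciphertext | tag (16).
const (
	saltLen  = 16
	nonceLen = 12
	tagLen   = 16
	keyLen   = 16     // AES-128, the key size the flyer advertises
	iters    = 100000 // PBKDF2 iteration count (assumption; slows password guessing)
)

// pbkdf2 is a plain RFC 8018 PBKDF2-HMAC-SHA256, written out here so the
// example needs nothing outside the standard library.
func pbkdf2(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	numBlocks := (keyLen + hashLen - 1) / hashLen
	var buf [4]byte
	dk := make([]byte, 0, numBlocks*hashLen)
	U := make([]byte, hashLen)
	for block := 1; block <= numBlocks; block++ {
		// U_1 = PRF(password, salt || INT(block)); T = U_1
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(buf[:], uint32(block))
		prf.Write(buf[:])
		dk = prf.Sum(dk)
		T := dk[len(dk)-hashLen:]
		copy(U, T)
		// U_n = PRF(password, U_(n-1)); T ^= U_n
		for n := 2; n <= iter; n++ {
			prf.Reset()
			prf.Write(U)
			U = prf.Sum(U[:0])
			for x := range U {
				T[x] ^= U[x]
			}
		}
	}
	return dk[:keyLen]
}

// newGCM derives the AES-128 key from the password and salt and wraps it in GCM,
// so the package is both encrypted and integrity-checked under that key.
func newGCM(password string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2([]byte(password), salt, iters, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal builds a self-contained package that anyone holding the password can open.
func Seal(password string, plaintext []byte) ([]byte, error) {
	header := make([]byte, saltLen+nonceLen) // fresh random salt and nonce per package
	if _, err := io.ReadFull(rand.Reader, header); err != nil {
		return nil, err
	}
	salt := header[:saltLen]
	nonce := append([]byte(nil), header[saltLen:]...) // own copy; Seal appends to header
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(header, nonce, plaintext, nil), nil
}

// Open recovers the plaintext; a wrong password or any modified byte fails the GCM tag.
func Open(password string, pkg []byte) ([]byte, error) {
	if len(pkg) < saltLen+nonceLen+tagLen {
		return nil, errors.New("package too short")
	}
	salt, nonce, ct := pkg[:saltLen], pkg[saltLen:saltLen+nonceLen], pkg[saltLen+nonceLen:]
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	const password = "shared-by-phone" // pre-arranged out of band, as point 2 requires
	pkg, _ := Seal(password, []byte("From: Axel\n\nhello"))
	pt, err := Open(password, pkg)
	fmt.Printf("right password: %q (err=%v)\n", pt, err)
	_, err = Open("wrong password", pkg)
	fmt.Println("wrong password:", err)
	tampered := append([]byte(nil), pkg...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = Open(password, tampered)
	fmt.Println("tampered byte:", err)
	// Point 3: a third party who obtained the password builds an equally valid package.
	forged, _ := Seal(password, []byte("From: Axel\n\nplease run the attachment"))
	pt, err = Open(password, forged)
	fmt.Printf("forged by password holder opens fine: %v %q\n", err == nil, pt)
}
```

The design choice to note is that GCM's tag and the PBKDF2 salt buy integrity and some resistance to password guessing, but they are computed from the same shared secret both sides (and any leak) hold, so they cannot distinguish the correspondent from anyone else who knows the password; origin authentication needs a per-sender key, which is exactly the "special software" the product claims to avoid.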
