|
Nathan wrote: > I've decided to not offer an encryption solution to others. I have > several reasons. I don't know U.S. law well enough. You may well be right to worry about this. Phil Zimmerman was threatened with prosecution for a long time over PGP, although I understand that US export controls on cryptography have been relaxed since those days. > The secrecy of the algorithm. The secrecy of the key. There is a fundamental flaw with relying on the secrecy of the algorithm. No matter how cryptic it is someone will eventually crack it, possibly by taking the shortcut of buying your product and reverse engineering it. The moment it is cracked that factor of the system's strength has vanished entirely. Of course if the algorithm is open the secrecy of the key is everything. A compromised key, however, can be revoked and replaced at any time. As a matter of interest, and without giving away any details, I presume the system you have developed is a public key / private key one? Secure encryption using a very long truly random single key is trivial. The problem then becomes one of distributing the key securely and controlling access to the remote copies. Dave... ======================================================= The opinions expressed in this communication are my own and do not necessarily reflect those of my employer.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.