Mark Rosen (mrosen@mach5.com)
Tue, 15 Sep 1998 23:12:06 -0400
There was an article in the WSJ a while ago that said that Price Waterhouse
had adopted their product for internal use and was reccomending it to their
consulting clients.
Sheesh.
- Mark Rosen
http://www.mach5.com/
> -----Original Message-----
> From: owner-CodherPlunks@toad.com [mailto:owner-CodherPlunks@toad.com]On
> Behalf Of Blake Coverett
> Sent: Tuesday, September 15, 1998 9:47 PM
> To: CodherPlunks@toad.com
> Subject: Fw: tristrata
>
>
> >Just think of it as snake oil, and we'll all be happier.
> >
> >Perry
>
>
> Umm... yup. Apparently well-financed/connected snake-oil too,
> which is kinda scary.
>
> >From their web site: http://www.tristrata.com/html/ref/fm_rks.htm
>
> Since the Vernam Cipher uses no complex algorithm or mathematics
> to encrypt
> the message, the cryptanalyst's job is made impossible. Even with both the
> plain text and the cipher text, the only thing the cryptanalyst can
> determine is the key used for that particular message. Yet this
> knowledge is
> of no importance, since that key and any partial key derived from it will
> never be reused. No matter how much mathematical analysis or
> computing power
> is applied to the cryptanlysis of RKS, there is simply no algorithm and no
> underlying pattern to break.
>
> and even:
>
> The secret is the effective management of a virtual keystream over 10^30
> bytes long.
>
> Which makes it sound like they have a clue what a OTP is
> supposed to be... but then they go on with:
>
> To encrypt a file, the user must first request a permit from the TESS -
> TriStrata Enterprise Security Server. This permit contains
> information which
> allows the user to encrypt the file at his local workstation.
> Along with the
> permit, the TESS also sends a seal. The seal is attached to the encrypted
> document. Only the TESS can open the seal - the data in the seal is not
> accessible to the user. The document with the seal attached can now be
> emailed, stored on a common file server, or transmitted in any manner. The
> seal contains all the information necessary to decrypt the document. To
> decrypt a file, a request for decryption is sent to the TESS
> along with the
> seal. A permit is returned from the TESS allowing the decryption to be
> performed locally.
>
> Which doesn't really need any commentary. Somehow I don't believe that
> 'permit' is going to be a OTP the same length as the message... oh, and:
>
> Mutual authentication between a user and the TESS occurs via the Private
> Access Line (PAL), a low-overhead security protocol that runs between the
> Client/Entity and the TESS over the Internet or any network.
>
> Ack. Using their own proprietary, super-secret
> protocol/algorithm no doubt.
>
> -Blake (who wants to know who that banking customer they claim
> is, in order
> to avoid them religiously)
>
>
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:13:59