JAWS

New Message Reply About this list Date view Thread view Subject view Author view

Anonymous (nobody@replay.com)
Tue, 6 Oct 1998 18:21:59 +0200


Enzo Michelangeli [SMTP:em@who.net]:

>...and what exactly is a "scientific number", and when was
>the last of them "defined"? Or the first, for that matter?
>;-)

First, googolplex is a well defined scientific number
(10^(10^100)), which is much larger than 2^4096. See:
http://www.informatik.uni-frankfurt.de/~fp/Tools/Googool.html

Second. The number of guesses listed for a 40 bit key is the
worst case - on average it takes half that number.

The page being quoted is from an Information Week article on
the product. As such, the lack of clue may be the fault of
the IW author, not JawsTech. That said, there are other
things in the article which gives one pause.

While the page mentions that 'Jaws' "uses public-key and
private-key mechanisms", the algorithms used are not
named. There is a lot of discussion of both small (<512 bit)
and large (>1000) bit keys, without any indication that the
author understands the different key requirements of
symmetric vs asymmetric cryptography.

There is no discussion of key distribution mechanisms, or
any underlying PKI.

There is no mention of authentication or non-repudiation.

Some of the customers seem pretty clueless:

"Says Jim Fish, chief operating officer at Axion Internet
Communication Inc., "One hundred twenty-eight-bit encryption
has already been broken, and I don't think breaking 256-bit
is too far down the road." "

Going to the actual JawsTech pages...

Good point:

They don't like, or include, any key recovery mechanism.

Bad points:

I can't find any mention of public key being in the
product, short of one button marked 'Public key' in their
online demo. Only an apparently symmetric algorithm "L5" is
discussed. Their demo seems to show users entering ten
character typeable keys.

They include excerpts from an technical evaluation
performed by "SNC Kilborn Western Inc.". I've got a couple
problems with this.

SNC Kilborn seems to be a mining consultancy firm, best
known outside the industry for it's involvment in the Bre-X
gold mining scandal, in which it was accused of providing
fraudulently optimistic evaluations of mine potential. I see
no indication that it has any experience evaluating
cryptographic algorithms, and the author 'Don Madge' is not
a known name in the field.
http://www.canoe.ca/MoneyBreXSaga/jul25_brexswalsh.html

Mr. Madge's evaluation of L5 is only partially quoted on
the JawsTech pages, but reads like it was written by the JT
marketing department. The brief, quoted section contains
serious errors of fact, obvious to anyone familiar with the
field.

Consider this paragraph:

"L5 has a very large key, being expandable upwards from 4096
bits, which is the current level. Currently the largest
commonly usable encryption methodology has a 128 bit
encryption key. This is for secure transmission using a
Netscape browser on the Internet. It is available only in
the US and Canada and supplants the former 64 bit
system. Outside of certain major corporations,
e.g. telephone companies and banks, how this encryption
works is unknown. "

The algorithm description is too sketchy to be useful.
However, errors such as those in the above paragraph
leave me with serious doubts as to Mr. Madge's competency
to give an informed opinion on L5.

Name witheld.


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:20