The authors have announced and fixed one bug where the keys
generated were always the same. Full scrutiny would be advisable
before deployment.
Bluefish wrote:
>
> I've received some questions by email which are beyond my ability to
> answer. The questions are about the cryptographic strength of the plugin
> for bo2k (3DES IIRC, see www.bo2k.com and www.cdc.com, down once in a
> while it seems). If anyone don't know what bo2k is, it's a remote control
> utility which has caused some discussions regarding ethics which are off
> topic here...
>
> Basicly I wonder if there is any evaluation of how strong the encryption
> is. I'm aware that that 168 bit is concidered "NSA-secure" and that 3DES
> is concidered secure, but what about
>
> -- 3DES algorithm used correctly?
> -- Key generation: Good PRNG, Bad PRNG, Good Hash, Bad Hash?
>
> And any other subject which might come into mind.
>
> //blue