On Wed, Jul 17, 2013 at 1:54 PM, Collin Anderson
<col...@averysmallbird.com> wrote:

> Wait, forgive me Libtech for amusing myself at the cost of your collective
> inboxes but, is it just me or is the security page on what purports to be a
> security tool empty? https://unsene.com/security.html
>

"Military-grade encryption", huh? That phrase always makes my spider sense
tingle.

From their descriptions:

• AES – a symmetric key that is considered to be very strong.  We’re using
the 256 bit version for the free version of our site, which is the maximum
bit key size for this algorithm.  We believe this is broken by the NSA and
we believe it’s either real time or near real time decrypt-able.

• XAES – a more secure and advanced version of AES, ours goes up to 4096
bits, which is über-strong.  Unlikely to be broken as this has been
customized from standard code libraries that aren’t widely known.


Crypto mistake #1: "Our algorithm is secure because nobody knows how it
works." https://en.wikipedia.org/wiki/Kerckhoffs's_principle

Cool project, but I'm highly doubtful it'll be secure. They're making some
fundamental mistakes, like confusing RSA X-bits with AES X-bits, and
assuming their stuff won't be broken if they don't tell anyone how it works.


>
> On Wed, Jul 17, 2013 at 1:50 PM, Collin Anderson <
> col...@averysmallbird.com> wrote:
>
>> > So, AES-128 is what they're using?
>>
>> Mo' money, mo' key length.
>>
>> *What’s the difference between the free version and the premium version?*
>>
>> *The free version provides 256-bit AES encryption and 2GB of free
>> encrypted storage and allows sharing of files of up to 50MB. The premium
>> version provides up to 1048-bit AES encryption and 50GB of encrypted
>> storage and allows sharing of files of up to 40GB. Also, the key in the
>> free version is pre-generated and stored on our servers, while with the
>> premium version the user has the option to generate his own key and store
>> it locally for even greater security.  Keep in mind there is no “password
>> recovery”, so you definitely won’t want to forget your passphrase!*
>>
>>
>>
>> On Wed, Jul 17, 2013 at 1:38 PM, <liberationt...@lewman.us> wrote:
>>
>>> On Wed, 17 Jul 2013 10:18:44 -0700
>>> Collin Sullivan <coll...@benetech.org> wrote:
>>>
>>> > http://unsene.com/blog/2013/06/15/is-most-encryption-broken/
>>>
>>> ....haystack called and wants its media pitch back....
>>>
>>> They say AES is broken and yet, "Military-grade security protects your
>>> important private messages, photos and videos, everywhere. It's so
>>> strong that we can't export it to Cuba, Iran, Sudan, and North Korea."
>>>
>>> So, AES-128 is what they're using? I believe you can only export 64-bit
>>> or less keys without a license.
>>>
>>> This entire thing is dripping in snakeoil.
>>>
>>> --
>>> Andrew
>>> http://tpo.is/contact
>>> pgp 0x6B4D6475
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change password by
>>> emailing moderator at compa...@stanford.edu or changing your settings
>>> at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>
>>
>>
>> --
>> *Collin David Anderson*
>> averysmallbird.com | @cda | Washington, D.C.
>>
>
>
>
> --
> *Collin David Anderson*
> averysmallbird.com | @cda | Washington, D.C.
>
>
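The RSA-bits versus AES-bits confusion pointed out in the reply above, worked through as an added example that is not part of the original thread. The function names are hypothetical, and the RSA figure uses the standard heuristic running time of the general number field sieve with the o(1) term dropped, so it is a rough estimate only.

```python
import math

# Key sizes the AES standard (FIPS 197) defines; nothing above 256 bits exists.
AES_KEY_BITS = (128, 192, 256)

def rsa_symmetric_equivalent(modulus_bits: int) -> float:
    """Estimate log2 of the work to factor an RSA modulus with GNFS.

    Heuristic cost: exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), c = (64/9)^(1/3).
    """
    if modulus_bits < 16:
        raise ValueError("modulus too small for the asymptotic estimate")
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)

def assess_claim(algorithm: str, bits: int) -> str:
    """Classify a marketing claim of the form '<bits>-bit <algorithm>'."""
    algo = algorithm.upper()
    if algo == "AES":
        if bits in AES_KEY_BITS:
            return f"valid AES key size; brute force costs about 2^{bits}"
        return f"not an AES key size (AES defines {AES_KEY_BITS})"
    if algo == "RSA":
        eq = rsa_symmetric_equivalent(bits)
        return f"RSA modulus size; roughly 2^{eq:.0f} work to factor"
    return "unknown algorithm; bit count alone says nothing about strength"

if __name__ == "__main__":
    # Constructed inputs: the sizes quoted in the thread, plus RSA for scale.
    for algo, bits in [("AES", 256), ("AES", 1048), ("XAES", 4096),
                       ("RSA", 1024), ("RSA", 4096)]:
        print(f"{bits}-bit {algo}: {assess_claim(algo, bits)}")
```

By this estimate, even a 4096-bit RSA modulus costs far less than 2^256 to attack, so a larger bit count on an asymmetric-scale key does not mean more strength than 256-bit AES.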
