Now we already know the algorithm you used and anyone can perform their cryptanalysis if they want to ...
For all I know, your app harvests my passwords and sells them.
And what happens when your cryptanalysis leads you to the same place those secure ones like Blowfish do?
Even if we could reverse the algorithm of PwdLocket's encryption (which we cannot)
Ang wrote:
Even if we could reverse the algorithm of PwdLocket's encryption (which we cannot)
What happens when a child on a bike starts riding so fast that he reaches 80MPH and takes it to the freeway? Yes, a silly question right?
Not a silly question in this context where helios assumed that my developer and/or his collaborators are not experienced in the field of encryption and app security.
Due to that misconception, he claimed that if he applies cryptanalysis he would be able to crack it. My question therefore is valid as I see him standing with a mouth full of teeth when he finally realizes that Password Locket is as secure as it would have been if one used an algorithm like Blowfish.
Schneier stated: Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.
The comment about indistinguishability under different attack models is one reason why most "decipher this message crypto challenges" are completely bunk. They often simply give an attacker some ciphertext, ask them to decipher it, and declare victory when nobody produces the plaintext after some amount of time. Unfortunately that's not how crypto works in the real world; attackers have many more tricks up their sleeve in practice. They can trick computers into encrypting data of their choosing, they can trick computers into decrypting data of their choosing, and they can usually even do these things thousands, millions, or billions of times.
Uh - this reverse I'm speaking about is reverse to recover lost passwords without the recovery key
Ang wrote:
To ensure that we are not doing this you could easily enough yourself use an application like Wireshark or zone alert to verify that no network comms is taking place from PwdLocket ever.
Even if we shove it in your face, you're the only one that would benefit from that.
She is a liar, contradicting herself and changing her story with every post.
So you're claiming that my fears of password harvesting are unfounded because you can't reverse the algorithm.
Not only is your algorithm so weak that we found it would be possible to break it ourselves
How do you figure - that would discredit me and my company completely as cracking it would constitute actual proof instead of just talk.
And once again I say PLEASE PROVE IT BIG MOUTH
and discredit me and my company - go for it.
Don’t let other people wind you up with their stupidity — don’t give other people control of your own emotions.
Password Locket Information

IMPORTANT: On initial startup of the application the password required will be the default which is: 'password'. This password should be changed in order to ensure that the data protected by the utility is secure.

After the main password (the password required for opening the utility) has been changed, a file called 'PwdRecovery.key' will be created. This file should be stored in a safe location and only used in the event of recovering the main password.

Due to the data encryption techniques employed in this application being very strong and therefore virtually unbreakable (or at least not easily so), your password recovery key file will be your only means of recovering your main password if forgotten. Ensure therefore that you have this file backed up safely as not even we (ShanKoDev), the owners of the encryption algorithms employed in this app will be able to recover this for ourselves or anyone else.

CREATOR: <REDACTED>
COMPANY: ShanKoDev IT Systems
PURPOSE: A Windows based application capable of running on very old Windows versions (Windows 98) to the latest (Windows 10+). Its purpose is to allow for storing and retrieval of passwords for other logon details in a secure manner.
Copyright (C) 1992-1993 Jean-loup Gailly This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.