T D
Downloads: 0
Posts: 3
Smile Score: +1
About Me
I am a Free member


Visit Stats
Member Since: 16 Oct 2006
Profile Views: 584

T D's Posts
Average Rating from T:

sort: smiles | time
burypromote
+1
MEHMEH commented on 06 May 2007
Just a few suggestions...

1) Blowfish's key length is variable from 4 to 56 bytes, however, Java's export restrictions only allow a maximum of 16 bytes. It's not 'Any length' as described in the 'Algorithm info' window.

2) ARC4's key length is variable from 1 to to 256 bytes, but again Java's export restrictions cripple this to a maximum of 16. It's also not 'Any length'.

3) The block ciphers only use ECB mode, and since a picture is worth a thousand words, I'll let the picture at the bottom of this section on Wikipedia explain why that's bad: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29

4) RC4 is used in a more insecure way. There are no precautions taken against the Fluhrer, Mantin and Shamir attack.

5) The password input is used directly as a key, unless the password is greater than the key length, at which point it is hashed with SHA-1 and truncated to key length. Wouldn't it be better to just use truncated SHA-1 or SHA-256 in the first place? You might also want to use a salt.

6) There's no checking before decryption to see if the password entered was correct. I can understand the reason for this from a power user perspective, but Joe User is going to complain heavily to you when he decrypts his document with the wrong password and it comes out as garbage, but is still unaware of what went wrong.
[Version 0.21]



burypromote
MEHMEH commented on 12 Feb 2006
Dev deserves a cookie. Indeed very cool, and worth the download.
[Version 0.0.2a]



burypromote
MEHMEH commented on 27 Aug 2004
This is a great app, and by-far the best BT Client on Mac. It makes the Official Client look pathetic. Kudos!
[Version 2.1.0.4]



There are currently no troubleshooting comments by this member.

Displaying 1-3 of 3
Please login or create a new
MacUpdate Member account
to use this feature


- -