
Re: [peditors] encryption - pedit - pToolSet

  • Ray Drew
    Message 1 of 10 , May 6, 2003
      #
      I forgot to tell that pToolSet has already a built-in encryption interface
      but I have not enabled it yet since I have not found the "engine" yet.
      #

      I know next to nothing about this - I do use cipherda...

      http://yanoff.sourceforge.net/cipher-da/cipher-da.html

      which is based on...

      http://www.klawitter.de/palm/cipher.html

      which says...

      " If you want to reuse the program code in one of your own programs you may
      have to ask patent holder and the Cryptics Development Team for permission
      first."

      Regards,

      Ray


      [Non-text portions of this message have been removed]
    • philhair@aol.com
      Message 2 of 10 , May 6, 2003
        Dear Paul,

        I have some knowledge of encryption techniques as they apply to computing --
        but be advised that I have amateur status here, since nobody pays me for this
        stuff. You do not need to use anyone else's library, since (I understand)
        DES encryption/ decryption is built into the Palm OS. Although DES is
        considered "inadequate" in that a supercomputer or large network can crack it
        in only a few days, Triple DES which uses 3 applications of the algorithm,
        has an effective combined keylength of about 112 bits. (Don't look down on
        this because it isn't 128 or 256 bits. An attack on this level of security
        is well beyond the computing power we're likely to have for the next 100 years.
        It'd be easier to break into your house/ apartment/ office and steal your
        hardcopy or bug your computer. These techniques are known as Watergate and
        Tempest, respectively.)

        A good introductory text on this subject is _Applied Cryptography_ by Bruce
        Schneier, (c) 1994, John Wiley & Sons, Inc., ISBN 0-471-59756-2.

        I would also suggest the Palm program Keyring,
        http://gnukeyring.sourceforge.net/ which would be especially useful because
        it is public domain with source available. An explanation of Triple DES is
        included in the web page. Please be advised that you will need a strong
        random number generator, and a secure hash algorithm as well to make this
        work, both of which should be included in the listing.

        There is another reason that you should consider using the built-in DES
        routines. Since the OS would be doing the encryption (not your program), I
        believe that such an enhanced Pedit would not be subject to export controls.
        This means that you could still sell the software from your website without
        getting unfriendly visits from government agents. Philip Zimmerman (creator
        of PGP) found out that this was a real possibility.

        If you like, I'd be happy to discuss this further with you.

        Yours truly
        -- Phil Hair

        In a message dated 2003-05-06 19:05:45 Eastern Daylight Time,
        peditors@yahoogroups.com writes:

        > Hi Guys:
        >
        > Those of you who are "experts" [more or less] in encryption, please take a
        > look at
        >
        > http://www.copera.com/AESLib/
        >
        > and let me know if this would be OK for pedit and pToolSet to use. Or do
        > you
        > know any better Palm ported and readily available encryption SDK or library
        > which you'd recommend? I really need your help since I am not an expert on
        > encryption [well, I am not an "expert" in anything],
        >
        > Best regards, Paul
        >


        [Non-text portions of this message have been removed]
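
Why three independent keys give roughly two keys' worth of strength (the 112-bit figure in the message above), as an added example that is not part of the original thread: a meet-in-the-middle search over a constructed toy cipher. The cipher, its 8-bit keys and the names `enc`, `dec` and `ede_encrypt` are illustrative assumptions, not DES or Palm OS code.

```python
# Added illustration: toy 32-bit block cipher with 8-bit keys (constructed, not DES).
MASK = 0xFFFFFFFF
MUL = 0x9E3779B1                      # odd, so invertible modulo 2**32
MUL_INV = pow(MUL, -1, 1 << 32)       # modular inverse, Python 3.8+
KEY_SPACE = 256                       # 8-bit keys stand in for DES's 56-bit keys

def rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK

def round_key(k, r):
    return (k * 0x01010101) ^ (r * 0x0F1E2D3C)

def enc(k, x):
    for r in range(4):
        x = rotl(((x ^ round_key(k, r)) * MUL) & MASK, 7)
    return x

def dec(k, x):
    for r in reversed(range(4)):
        x = ((rotl(x, 25) * MUL_INV) & MASK) ^ round_key(k, r)
    return x

def ede_encrypt(key, p):
    """Three applications (encrypt, decrypt, encrypt) with three independent keys."""
    k1, k2, k3 = key
    return enc(k3, dec(k2, enc(k1, p)))

def meet_in_the_middle(pairs):
    """Find keys consistent with known (plaintext, ciphertext) pairs.
    Returns (candidates, cipher_ops); cipher_ops excludes the final confirmation."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops, table = 0, {}
    for k3 in range(KEY_SPACE):               # undo the last stage: 2**8 values
        table.setdefault(dec(k3, c0), []).append(k3)
        ops += 1
    found = []
    for k1 in range(KEY_SPACE):               # run the first two stages: 2**16
        a = enc(k1, p0)
        ops += 1
        for k2 in range(KEY_SPACE):
            mid = dec(k2, a)
            ops += 1
            for k3 in table.get(mid, ()):     # both sides agree in the middle
                key = (k1, k2, k3)
                if all(ede_encrypt(key, p) == c for p, c in rest):
                    found.append(key)
    return found, ops

if __name__ == "__main__":
    secret = (0x3A, 0xC5, 0x7E)               # constructed sample key
    pairs = [(p, ede_encrypt(secret, p)) for p in (0x01234567, 0x89ABCDEF)]
    found, ops = meet_in_the_middle(pairs)
    print(found, ops, "cipher operations versus", KEY_SPACE ** 3, "for brute force")
```

Scaled to DES's 56-bit keys, the same search costs on the order of 2^112 operations rather than 2^168, which is why key sizing for Triple DES is quoted at about 112 bits.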
      • Ian Soboroff
        Message 3 of 10 , May 7, 2003
          philhair@... writes:

          > I would also suggest the Palm program Keyring,
          > http://gnukeyring.sourceforge.net/ which would be especially
          > useful because it is public domain with source available. An
          > explanation of Triple DES is included in the web page. Please be
          > advised that you will need a strong random number generator, and a
          > secure hash algorithm as well to make this work, both of which
          > should be included in the listing.

          Intrigued, downloaded, browsed source. They in fact don't use the
          built in routines anymore, but something called pilotSSLeay. You can
          get info and source on this from
          http://www.isaac.cs.berkeley.edu/pilot/, but the Keyring author does
          not include the source, only the binaries. You can get the source
          from the above URL.

          The nice thing about pilotSSLeay is that it's a straightforward patch
          on SSLeay, free software for doing SSL. As such it does a lot more
          than just 3DES.

          > There is another reason that you should consider using the built-in
          > DES routines. Since the OS would be doing the encryption (not your
          > program), I believe that such an enhanced Pedit would not be subject
          > to export controls. This means that you could still sell the
          > software from your website without getting unfriendly visits from
          > government agents. Philip Zimmerman (creator of PGP) found out that
          > this was a real possibility.

          US Export laws changed in the last couple of years regarding this.
          This may no longer be true, or at least no longer be as complicated.
          In particular, if the encryption source code is available I believe
          (IANAL) that export is OK. Bruce Schneier may have some relevant info
          on his page.

          Ian
        • John Harms
          Message 4 of 10 , May 7, 2003
            > From: "Ian Soboroff" <ian.soboroff@...>
            > I've used a number of encrypted notepads on my Palm, I'd be glad to
            > help test such a feature in pedit!

            Paul --

            I also would be glad to test pedit encryption. However, it would need to be
            as good or better than Memo Safe, which I currently use extensively.

            "Memo Safe uses the Safer-SK encryption algorithm originally published by
            James L. Massey. Many thanks to Peter
            Gutmann who developed and distributed the open source cryptlib encryption
            library." Quoted from:

            http://www.deepnettech.com/memosafe_readme.txt

            Memo Safe's encryption algorithm is mentioned as an adequate security
            mechanism for sensitive Protected Health Information.

            http://its.med.yale.edu/security/PDA/

            -- JohnH
          • Lonnie Foster
            Message 5 of 10 , May 8, 2003
              * Paul Nevai <nevai@...-state.edu> [2003-05-06 08:20 -0400]:

              > Those of you who are "experts" [more or less] in encryption, please take a
              > look at
              >
              > http://www.copera.com/AESLib/

              I don't do crypto professionally, but I do try to keep up on trends in
              the cryptographic community. AESLib is an implementation of the
              Advanced Encryption Standard, which is, by most accounts I've read,
              one of the strongest cryptographic algorithms in existence. The
              algorithm used in AES is called Rijndael; it won an international
              competition held by the NIST a couple years ago to find the best
              encryption algorithm in the world.

              One of the best reasons to use AES is that it's entirely open source,
              which means that real experts in the cryptographic community can
              freely poke through the code for weaknesses. Rijndael has already been
              subjected to intense scrutiny by the brightest minds in the crypto
              community, and it will continue to receive such scrutiny, which is the
              best guarantee you can have that an encryption algorithm hasn't been
              compromised. As soon as anyone spots a weakness in a public algorithm
              like this, the fact that it's broken will be broadcast far and wide,
              giving you an opportunity to find an alternate means of protecting
              your data.

              I was happy to see Copera announce AESLib a few months ago. I
              don't currently have any Palm OS projects that require encryption, but
              I've kept Copera's site bookmarked just in case. It's much easier to
              use a good library interface than it is to try copying code from the
              official AES home page (http://csrc.nist.gov/CryptoToolkit/aes/).

              If integrated into pedit, AESLib would provide one of the strongest
              cryptographic products available on the Palm OS platform.

              --

              /|\ Lonnie Foster <lonnief@...> http://pobox.com/~tribble
              \|/ Why isn't phonetic spelled the way it sounds?
              /|\