bestcrypt 7.20 vs drivecrypt 4.4

bestcrypt 7.20 vs drivecrypt 4.4
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
bestcrypt 7.20 vs drivecrypt 4.4 supermazzinga 12-18-2006
Posted by supermazzinga on December 18, 2006, 7:37 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I must choose between bestcrypt 7.20 or drivecrypt 4.4

I have fear of backdoor

both the software is not opensource and high risk for backdoor

I do not succeed to understand which it is secure

help me

thanks

Posted by Sebastian Gottschalk on December 18, 2006, 8:27 am
If you were  Registered and logged in, you could reply and use other advanced thread options
supermazzinga wrote:

> I must choose between bestcrypt 7.20 or drivecrypt 4.4
>
> I have fear of backdoor
>
> both the software is not opensource and high risk for backdoor
>
> I do not succeed to understand which it is secure

DriveCrypt is 1344 bit deluxe marketing bullshit. Thus, at any rate,
BestCrypt has a way better reputition.

If you care about open source, I wonder why you're running on Windows.
Anyway, both TrueCrypt and PGP Desktop Professional are open source (with
the latter just forbidding you run the self-compiled code, yeah, as if one
would care...).

Posted by supermazzinga on December 18, 2006, 8:53 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On Mon, 18 Dec 2006 14:27:13 +0100, Sebastian Gottschalk

>supermazzinga wrote:
>
>> I must choose between bestcrypt 7.20 or drivecrypt 4.4
>>
>> I have fear of backdoor
>>
>> both the software is not opensource and high risk for backdoor
>>
>> I do not succeed to understand which it is secure
>
>DriveCrypt is 1344 bit deluxe marketing bullshit. Thus, at any rate,
>BestCrypt has a way better reputition.
>
>If you care about open source, I wonder why you're running on Windows.
>Anyway, both TrueCrypt and PGP Desktop Professional are open source (with
>the latter just forbidding you run the self-compiled code, yeah, as if one
>would care...).


pgp is write in USA and have backdoor for decrypt.

my problem is backdoor


Posted by Matthew Fanto on December 18, 2006, 9:23 am
If you were  Registered and logged in, you could reply and use other advanced thread options

supermazzinga wrote:
> pgp is write in USA and have backdoor for decrypt.
>
> my problem is backdoor

That is complete nonsense. Just because something is written in the US
doesn't imply it has a backdoor.

And just because it's open source doesn't mean there is no back door.
Are you going to audit every single line of source code? Have you
audited every line of code in your compiler? How about in your
operating system?

Any software you are going to find probably uses AES and TripleDES. DES
was a US design, and both AES and DES are certified by NIST.

DriveCrypt talks about some 1344-bit strength, which in itself
nonsense. None of the algorithms listed on their site supports that
size key, and there is no reason for that large of a key anyway.

TrueCrypt and PGP Disk are the best choices, IMHO.

-Matt


Posted by Sebastian Gottschalk on December 18, 2006, 9:40 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Matthew Fanto wrote:

> And just because it's open source doesn't mean there is no back door.
> Are you going to audit every single line of source code? Have you
> audited every line of code in your compiler? How about in your
> operating system?

The demand for cryptographic software being open source does not just come
from trust implications but more from implementation correctness. It's so
easy to make an entire cryptographic system void with a little
implementation error, and many companies have proven this. Open source
gives you and many auditers the opportunity to check the cryptographic core
and the general quality of the implementation.

> Any software you are going to find probably uses AES and TripleDES. DES
> was a US design, and both AES and DES are certified by NIST.

I presume you still meant 3DES. The classical DES has got its certfication
revoked some months ago. :-)

> DriveCrypt talks about some 1344-bit strength, which in itself
> nonsense. None of the algorithms listed on their site supports that
> size key,

Triple-Blowfish (3*448 = 1344)

> and there is no reason for that large of a key anyway.

And neither any good reason why 3-BF should even achieve such a security.
Paying careful attention to the Meet-in-the-middle attack and using hash
chains to linearly transfer the memory tradeoff back into a time tradeoff,
the effective security is always limited to 2*keysize, thus it's only 896
bits worth.

Similar ThreadsPosted
Bestcrypt, Truecrypt or other - what should I use? December 14, 2005, 11:26 am
Drivecrypt won't open dcv file on DVD disk February 10, 2008, 11:57 am
Drivecrypt pre-boot auth versus multiple users October 11, 2005, 3:12 pm

The site map in XML format XML site map

Contact Us | Privacy Policy