bestcrypt 7.20 vs drivecrypt 4.4

bestcrypt 7.20 vs drivecrypt 4.4
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
bestcrypt 7.20 vs drivecrypt 4.4 supermazzinga 12-18-2006
Posted by Matthew Fanto on December 18, 2006, 10:51 am
If you were  Registered and logged in, you could reply and use other advanced thread options

Sebastian Gottschalk wrote:

> The demand for cryptographic software being open source does not just come
> from trust implications but more from implementation correctness. It's so
> easy to make an entire cryptographic system void with a little
> implementation error, and many companies have proven this. Open source
> gives you and many auditers the opportunity to check the cryptographic core
> and the general quality of the implementation.


But the argument was about backdoors, so I restricted my comment to
backdoors. I think it was Ritchie who showed backdoors by modifying the
compiler. Thus even though the applications code has been reviewed, the
compiler can still insert malicious things.

I'm all in favor of open source software. I was just attempting to show
the fallacy in assuming because it's open source, it's safe.

>
> > Any software you are going to find probably uses AES and TripleDES. DES
> > was a US design, and both AES and DES are certified by NIST.
>
> I presume you still meant 3DES. The classical DES has got its certfication
> revoked some months ago. :-)

Yes, there should be a 3 in front of that DES.


> > DriveCrypt talks about some 1344-bit strength, which in itself
> > nonsense. None of the algorithms listed on their site supports that
> > size key,
>
> Triple-Blowfish (3*448 = 1344)

Good catch. I didn't entertain the idea of 3-BF, and thus didn't think
about 3*448 = 1344. I was thinking of a few different cascade (though I
really didn't think too hard) options and none of them adding to 1344,
and decided the 1344 probably came from some homebrew cipher we see on
sci.crypt so often.


> > and there is no reason for that large of a key anyway.
>
> And neither any good reason why 3-BF should even achieve such a security.
> Paying careful attention to the Meet-in-the-middle attack and using hash
> chains to linearly transfer the memory tradeoff back into a time tradeoff,
> the effective security is always limited to 2*keysize, thus it's only 896
> bits worth.

I agree, but I also think a key size of 896-bits is overkill.

-Matt


Posted by macarro on December 20, 2006, 5:46 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> pgp is write in USA and have backdoor for decrypt.

What a load of rubbish, but if you believe it then all Microsoft
products are written in the USA and have backdoor so as long as you use
it you are backdoorered.

You are using Giganews to post which is based in the USA, that means the
CIA can access your logs anytime.

You also using Forte Agent to post which is made by an US company,
everything you type is keylogged.

And if you drink a Coca cola made in the USA it will spy inside your
stomach too.

>
> my problem is backdoor
>

I bet you put all this effort in backdoor and then you leave the WINDOWS
of your house wide open. Swap file? ISP logs? Trojans in your computer?
Unsafe pirated software installed? Screensaver password?etc?

Sure backdoors are important but they will attack your weakest point,
always, so do not overlook them.

That also applies to keysize, Drivecrypt 1344 bit encryption? OK, but
then is it really AES 128 easier to crack than AES 256? I have lots of
information encrypted with AES 128 and I could not be arsed to change
the algorythm, much rather working making my passphrase bullet proof,
that is the weakest point.


--
Mapping the internet 24/7 http://www.netdimes.org


Posted by nemo_outis on December 18, 2006, 12:57 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

> I must choose between bestcrypt 7.20 or drivecrypt 4.4
>
> I have fear of backdoor
>
> both the software is not opensource and high risk for backdoor
>
> I do not succeed to understand which it is secure
>
> help me
>
> thanks


You say, "I must choose between Bestcrypt 7.20 or Drivecrypt 4.4" - this
seems like a silly and artificial constraint.

Both products are closed source but Jetico (Bestcrypt) is certainly larger
and probably has a better rep (Securstar, despite its detractors, is still
pretty good).

However, there is a product that is at least as satisfactory technically (I
think it's better because of things like LRW mode), and which blows them
away in terms of cost (free!) and transparency (open-source): Truecrypt.
It is also available for Linux platforms as well as Win2k-and-up Windows.

For partition/container encryption it's a no-brainer: Truecrypt!

Regards,

PS If you require full-disk encryption, that's a different story and there
are some significant differences between products (for instance,
Bestcrypt's new beta volume encryption product seems particularly strong in
dealing with raid, mount points, spanning, etc.).


Similar ThreadsPosted
Bestcrypt, Truecrypt or other - what should I use? December 14, 2005, 11:26 am
Re: DriveCrypt November 26, 2008, 8:45 am
Re: DriveCrypt November 26, 2008, 6:11 pm
Re: DriveCrypt December 1, 2008, 9:40 am
DriveCrypt Plus Boot Problem November 16, 2008, 3:50 pm
Drivecrypt won't open dcv file on DVD disk February 10, 2008, 11:57 am
Drivecrypt pre-boot auth versus multiple users October 11, 2005, 3:12 pm

The site map in XML format XML site map

Contact Us | Privacy Policy