From: jmorton123 on 11 Jun 2010 12:46

You may not want to go there. I would think users of the freeware who have specific questions on how to best use the freeware and get tips or share information on how to best strategize their use of the program might like to go to such a focused forum.

I don't necessarily want help. I'd like constructive criticism of the freeware. So I come here.

Do you have any constructive criticism of the freeware?

JM

On Jun 10, 6:57 pm, Earl_Colby_Pottinger <earlcolby.pottin...(a)sympatico.ca> wrote:
> On Jun 10, 8:52 pm, Earl_Colby_Pottinger
> <earlcolby.pottin...(a)sympatico.ca> wrote:
> > What I mean is, why is it people who claim they want help then run
> > away from the public help forums and try to setup private forum that
> > no-one want go to?
>
> What I mean is, why is it that the people who claim that they want
> help will then run away from the public help forums and instead try to
> set up private forums that
> no-one wants to go to?

From: jmorton123 on 11 Jun 2010 12:48

Yes. I have been thinking about that. I will change those to standard links within a few days. Thanks for mentioning this. I'll get right on it.

JM

On Jun 10, 9:51 pm, "Dave -Turner" <ad...(a)127.0.0.1> wrote:
> btw the buttons (Download, Contact) etc only work if scripts are enabled.
> Pass

From: jmorton123 on 11 Jun 2010 16:39

Let me first say that I am not perfect. I used to think I was until I turned about 33 years old. I've said and done things I would not say or do today. I even made one post fairly recently in this newsgroup I would have rather not posted. I am older and wiser and much more educated today than I was ten or fifteen years ago.

When I was going to a university about 15 years ago when I first developed this random number generation technique while taking a course in linear algebra, I went to a professor in the computer and engineering college and we visited my website. I was running some pretty good web statistics at the time. I entered my password from his computer and we examined them.

He identified at least three URLs from visitors to my site and said that they were from the NSA or CIA, can't remember exactly. He recognized their URLs. People from all over the world visited my website. This freeware is old news to those with the need to know organizations and the resources to get to know.

I'm sure under the FOIA you could contact these two agencies and they might give you some detailed information that they have collected if you're interested.

You could also contact ARCO which is now BP. I contacted them and they agreed to look at my software. I sent it to them in Plano, Texas. At that time the US government had lifted the restriction on software used by American companies doing business overseas. They were then allowed to use unlimited key lengths starting about then.

Try Microsoft as well. They took a look around then.

There are plenty of posts you will find soon enough. But those were some time ago.

I'd sure like to hear some constructive criticism of the current freeware version's security and not so much about who I am and the implementation and other off-topic issues.

JM

On Jun 11, 5:57 am, Bryan <bryanjugglercryptograp...(a)yahoo.com> wrote:
> jmorton123 wrote:
> > BulletProof, Bitmap Steganography, XOR available for
> > download at KingKonglomerate.com
>
> > Ten years ago in this very same newsgroup I first published this
> > software.
>
> So that would be in 2000. Google doesn't find "BulletProof" nor
> "Bitmap Steganography", nor "jmorton123" nor "morton". "JM" brings up
> a lot of posts by John Myre.
>
> Can you give us a little more to go on?
>
> --
> --Bryan

From: Mr. B on 11 Jun 2010 17:32

> He identified at least three URLs from visitors to my site and said
> that they were from the NSA or CIA, can't remember exactly. He
> recognized their URLs. People from all over the world visited my
> website. This freeware is old news to those with the need to know
> organizations and the resources to get to know.

So? The NSA and CIA check up on what sort of cryptography is publicly available, that is not really too unusual. They probably analyzed your software, and keep the results in a vault somewhere, in case someone they are investigating decides to go ahead and use it.

> You could also contact ARCO which is now BP. I contacted them and
> they agreed to look at my software.

Looked at it, sure -- but does that mean they used it? Anyone can look at a cryptosystem, and even analyze it, but that does not really say much about the system itself.

> Try Microsoft as well. They took a look around then.

Ditto, but even more to the point, Microsoft does not exactly have the best track record when it comes to cryptography.

> I'd sure like to hear some constructive criticism of the current
> freeware version's security and not so much about who I am and the
> implementation and other off-topic issues.

Another person asked why source code was not available, and you gave the typical "I worked on this so it must remain secret!" answer. Unfortunately, not only do I not run random binaries that people on Usenet ask me to download, but you did not even release binaries for my operating system -- so even if I wanted to run it, I could not. There is also very little information on your website about the software itself, and this sentence here already makes me suspicious:

"Although the random number generation process can be described mathematically, it does not use any mathematical formulas to generate the random numbers. All the processes are unbiased and require true random user input: the key. The only way to reproduce the random numbers without the key is by brute-force trial and error."

A PRNG that involves no mathematics? Worse yet, you rely on the randomness of a user generated key (if they can generate that random key, why exactly do they need your software?)? Then you make an even more startling claim:

"No matter how secure any existing random number generation software is today or will be tomorrow, with BulletProof you can always create random numbers that are more secure. This is because the key length with BulletProof is unlimited."

First of all, you claim that your PRNG is more secure than Blum-Blum-Shub, and then you claim that this is because the key length is unlimited...but the key length in BBS is also unlimited. This smells like snake oil to me.

Not much to say about your XOR utility -- just a basic one time pad, fairly limited utility there. As for your steganography...you are apparently basing it on hiding the data in the LSB of an image. This is not only detectable if the message is large enough (particularly if I already observed other messages that were produced by the same means e.g. the same digital camera, or perhaps if the messages were not encrypted), but easily erasable, which can be a problem (my adversary might control the communications channel, and could simply overwrite the LSB channel of every image with noise).

Really though, with so little documentation on what exactly your program does, how exactly can anyone really say how secure your techniques are?

-- B

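
The two weaknesses of LSB embedding raised in the post above, detectability and easy erasure, worked through as an added example. It is not part of the original thread and is not BulletProof's code; the cover data, the message and all function names are constructed for illustration.

```python
import random
from collections import Counter

def embed_lsb(pixels, message):
    """Write message bits (MSB first) into the lowest bit of successive pixels."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("message does not fit in cover")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out

def extract_lsb(pixels, nbytes):
    """Read nbytes back out of the LSB plane."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for p in pixels[8 * b: 8 * b + 8]:
            value = (value << 1) | (p & 1)
        out.append(value)
    return bytes(out)

def scrub_lsb(pixels, rng):
    """Overwrite every LSB with noise; no pixel value changes by more than 1."""
    return bytearray((p & 0xFE) | rng.getrandbits(1) for p in pixels)

def pair_chi_square(pixels):
    """Pairs-of-values statistic: small when counts of 2k and 2k+1 are equalised."""
    hist = Counter(pixels)
    stat = 0.0
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        if n0 + n1:
            expected = (n0 + n1) / 2
            stat += ((n0 - expected) ** 2 + (n1 - expected) ** 2) / expected
    return stat

# Constructed sample data (hypothetical, not from the thread): a 4096-pixel cover
# where even values outnumber odd ones, and 512 random bytes standing in for ciphertext.
rng = random.Random(2010)
cover = bytearray(2 * rng.randrange(32, 96) + (rng.random() < 0.2) for _ in range(4096))
secret = bytes(rng.randrange(256) for _ in range(512))
stego = embed_lsb(cover, secret)      # message fills the whole LSB plane
scrubbed = scrub_lsb(stego, rng)      # what a party controlling the channel can do

if __name__ == "__main__":
    print(round(pair_chi_square(cover)), round(pair_chi_square(stego)),
          extract_lsb(scrubbed, 512) == secret)
```

The statistic collapses once the LSB plane is filled with random-looking data, which is the signal a pairs-of-values steganalysis test looks for, and the scrubbed copy differs from the stego image by at most one grey level per pixel while no longer carrying the message.
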
From: rossum on 11 Jun 2010 18:49

On Fri, 11 Jun 2010 09:23:35 -0700 (PDT), jmorton123 <jmorton123(a)rock.com> wrote:

>There is no source code because it takes work to write these programs
>and I am not going to do someone else's work for them.

This is crypto. Either we trust you or we have to have the source code and compile it ourselves. We don't trust you because you are just a name on usenet.

No source, no sale.

rossum