BB, I am not an expert either, but I have done enough reading to understand, at least conceptually, what "strong" encryption means and where the shortcomings lie:
Read through the following on encryption techniques to gain a better understanding of the problems I am referring to:
counterpane.com
there is a whole bunch of great stuff on that website that you should read as well...
The thing that bugs me is JAWZ's, use of the word "unbreakable." When I look at the list in your last post and see a word like pseudorandom, that, to me, implies a weakness, as most "strong" encryption hardware products (to the best of my knowledge) rely on true hardware random number generators.
In addition, it would appear that the original key length is not actually that long, but is seeded by a much smaller value given by the user and then expanded to a larger bit length... I don't know enough to know if this adds security or detracts from security... or how it is implemented in JAWZ's solution.
I am not familiar with the expert you quote. Actually, the only two sources I trust at this point because I have researched them are Bruce Schneier (see above link at counterpane) and Peter Guttman's page @ aukland that someone posted earlier. I am not aware of any study done by either on L5, and would feel much more comfortable If I knew their feelings on the matter.
JAWZ's solution may very well be as good as they say, but, IMO, there are too many people making claims like that, and I would like to see confirmation from one of the sources above.
Perhaps you should email them for their opinions.....
Enam |
