On Tue, 31 Aug 2010 17:46:35 -0700, Joseph Ashwood wrote:
>> While I, personally, don't have a background in cryptography,
>
> Then you need at least another 10 years before you're ready to release a
> product. Sorry, but that really is how long it takes to develop the
> capability.
I can personally and positively agree with that statement. We had to
hire 30+ years worth of established, vetted talent to get things
right.
--
9ec4c12949a4f31474f299058ce2b22a
On Tue, 31 Aug 2010 17:46:35 -0700, Joseph Ashwood wrote:
> "TrulyMail Support" <support@trulymail.com> wrote in message
> news:f2cb3a1e-8968-48b6-9970-052ec80b45e1@g21g2000prn.googlegroups.com...
>
>> My
>> point was not that you can either trust us or go away.
>
> Very bad idea. Cryptography is extremely difficult to get right. The real
> reason that every reputable company at least publishes their formats (and
> many publish source code) is to get more eyes finding the problems. The
> availability of the design data doesn't prevent an attacker from doing the
> analysis, but the good guys will simply ignore you. This is the opposite of
> the most desirable situation. By opening the design you are more likely to
> get good guys to look over your design and point out mistakes.
>
>> While I, personally, don't have a background in cryptography,
>
> Then you need at least another 10 years before you're ready to release a
> product. Sorry, but that really is how long it takes to develop the
> capability.
>
>> encryption uses their cryptographic library using the Rijndael
>> algorithm (PROV_RSA_AES cryptographic service provider). We use a 4096-
>> bit key, as mentioned earlier.
>
> That is promising, but a quick glance at your website,
> http://trulymail.com/ForgotPassword.aspx is absolutely moronic. No key, no
> password, no data should ever be recoverable under uncontrolled
> circumstances, and the controlled circumstances need significant analysis.
>
> From there on, anything else you say is completely irrelevant, your design
> is a complete security failure. TrulyMail is completely snake-oil.
> Joe
On Sep 1, 4:33 am, Caesar Romano <S...@uce.gov> wrote:
> On Tue, 31 Aug 2010 19:48:31 GMT, "nemo_outis" <a...@xyz.com> wrote Re
> Re: TrulyTrulymail:
>
>
>
> >TrulyMailSupport <supp...@trulymail.com> wrote in
> >news:c7958a6d-3b24-47ba-87e1-00ec465dcf58@t5g2000prd.googlegro
> >ups.com:
>
> >...
> >> OK, please let me publicly apologize. It was never my
> >> intention to snub anyone here. My point was simply that it
> >> is easier to answer clear questions. Clearly I was
> >> inappropriate in my response and I hope you will forgive
> >> me.
>
> >There is no need for you to apologize to anyone - you have been
> >entirely forthcoming about your company and its products.
> >Moreover, you have shown the patience of a saint and remained
> >courteous even when responding to insulting confrontational
> >boors such as Ari.
>
> >I wish you and your company every success.
>
> >Regards,
>
> I agree completely.
> --
> Work is the curse of the drinking class.
"Joseph Ashwood" <ashwood@msn.com> wrote in
news:Gohfo.36956$6o7.15680@newsfe21.iad:
> Very bad idea. Cryptography is extremely difficult to get
> right.
Ask for the source code for Bitlocker. Ask for the source
code for Utimaco Safeguard. Ask for the source code for
WinMagic. Ask for the source code for Bestcrypt. Ask for the
source code for Compusec. Ask for the source code of ...
It is common for encryption software to be proprietary and
closed source. In fact, ALL enterprise level encryption is
proprietary. Open source is no panacea as no less a luminary
than Cambridge's Ross Anderson has repeatedly pointed out.
And for an ordinary person, it is no better solution to "trust
the code reviewer" than to "trust the code writer." The
unqualified layman still has to operate on a **trust model**.
Whether it's a reviewer or a writer - you're only
**displacing** where the trust gets placed. Hell, even if the
code were completely vetted a dishonest operator (of closed or
open source crypto software) could still subvert security - as
I have repeatedly shown right here!
Yes, crypto is hard to get right. And not one person in a
million has both the programming and crypto skills to do a
thorough review of any serious program's crypto code. Open
source's model of "many eyes" completely breaks down for
crypto, especially commercial crypto - ordinary folks can't do
it and skilled academics are not going to do free vetting of a
commercial program!
No skilled person has ever done a thorough review even of
Truecrypt's source code - a much higher-profile program than
TrulyMail will ever be (i.e., been willing to publish it under
his name. Not just an architecture once-over - thorough source
code vetting!). The ONLY open source crypto program that has
ever had a thorough code review by professionals is OpenSSL
and that was through the FIPS' closed-lab process for a long-
ago version.
Like it or lump it - black box crypto is here to stay.
Ari Silverstein <AriSilverstein@yahoo.com> wrote in
news:8e5pjcFlokU1@mid.individual.net:
> On Tue, 31 Aug 2010 17:46:35 -0700, Joseph Ashwood wrote:
>
>>> While I, personally, don't have a background in
>>> cryptography,
>>
>> Then you need at least another 10 years before you're
>> ready to release a product. Sorry, but that really is how
>> long it takes to develop the capability.
>
> I can personally and positively agree with that statement.
> We had to hire 30+ years worth of established, vetted
> talent to get things right.
Ari, there's an "existence proof" that they still got it
completely wrong - they hired you!
Regards,
PS For the terminally clueless - like you, Ari - the OP likely
was not the fellow who wrote the software. This may be
difficult for you and your sockpuppets to understand, Ari, since
you only hear the voices in your head, but some companies have
more than one employee.
On Sep 1, 5:34 am, B℮ar Bottoms <bearbotto...@gmai.invalid> wrote:
> On Tue, 31 Aug 2010 10:07:21 -0700 (PDT),TrulyMailSupport wrote:
> > On Aug 31, 11:08 pm, B℮ar Bottoms <bearbotto...@gmai.invalid> wrote:
> >> On Tue, 31 Aug 2010 07:07:27 -0700 (PDT),TrulyMailSupport wrote:
> >>> If you would like to
> >>> audit our source code, we would be happy to show you some key parts of
> >>> it if you are ever in Santiago.
>
> >> I often fly down to South America.
>
> >> How about next Tuesday?
>
> > I'm not free on Tuesday but I'm free that Friday. Will that work for
> > you?
>
> Are you crazy? Look what happened last time I was late.
>
> http://www.prorev.com/BARRY%20SEAL.jpg
>
> --
> B℮ar Bottoms
Hmmm. You wouldn't be making the point that all Latin-American
countries are the same, are you? Are you implying that because
Colombia has so much instability that all Latin-American countries do?
Chile is known for its stability.
The offer remains open, should you change your mind.
On Wed, 01 Sep 2010 01:33:47 GMT, nemo_outis wrote:
> Ari Silverstein <AriSilverstein@yahoo.com> wrote in
> news:8e5j28Fm28U1@mid.individual.net:
>
>>> Are you crazy? Look what happened last time I was late.
>>>
>>> http://www.prorev.com/BARRY%20SEAL.jpg
>
> If only we were so lucky that this happened to you, Ari.
>
> Regards,
Love you too Mr. Anonymousie but here's a "Heads Up" for you. Camper's
Merc camp, which I was both a student and later a teacher, taught me
all I needed to know about survival.
Seal was a pawn. He was dead as soon as he exposed the underbelly of
Mena and his direct relationships with elder VP George Bush
(specifically Adm Dan Murphy). Unglesby's call "sealed" his fate.
There was no way they were going to let Seal get traced back to
Iran-Contra.
Bottoms, otoh, has survived this whole, sordid affair by providing
tons of disinformation. It was that and permanent banishment to
Louisiana that saved his life. Most everyone involved at Mena were
dead within months.
Here's a clue, something for you to do in your, ahem, "retirement".
Why not flop on down to the RCMPussies and ask them when they recently
finished their investigation of the Air India disaster, they did not
subpoena Frank's testimony? Eh?
On Sep 1, 7:26 am, "Steve Terry" <gfour...@tesco.net> wrote:
> "Ari Silverstein" <AriSilverst...@yahoo.com> wrote in message
>
> news:8e4kfpFr7gU1@mid.individual.net...
> > On Tue, 31 Aug 2010 07:48:47 -0700 (PDT),TrulyMailSupport wrote:
> <snip>
> > This "trust us, we're really good guys" is a bunch of hocus-pocus BS,
> > it demeans you and it demeans your products.
>
> I trust them, nobody from Santiago or Nigeria would lie to us.
>
> Steve Terry
> --
> "I would like to plead for my right to investigate natural phenomena
> without having guns pointed at me.
> I also ask for the right to be wrong without being hanged for it."
> - Wilhelm Reich, November 1947
Nigeria? Interesting that you put Chile in the same boat as a country
with so little stability.
Chile is known as being the most stable in the region. Before you
start claiming that the least broken bottle of the set is still broken, I
would encourage you to do a little research on the subject of this
country.
On Sep 1, 7:46 am, "Joseph Ashwood" <ashw...@msn.com> wrote:
> "TrulyMailSupport" <supp...@trulymail.com> wrote in message
>
> news:f2cb3a1e-8968-48b6-9970-052ec80b45e1@g21g2000prn.googlegroups.com...
>
> > My
> > point was not that you can either trust us or go away.
>
> Very bad idea. Cryptography is extremely difficult to get right. The real
> reason that every reputable company at least publishes their formats (and
> many publish source code) is to get more eyes finding the problems. The
> availability of the design data doesn't prevent an attacker from doing the
> analysis, but the good guys will simply ignore you. This is the opposite of
> the most desirable situation. By opening the design you are more likely to
> get good guys to look over your design and point out mistakes.
>
> > While I, personally, don't have a background in cryptography,
>
> Then you need at least another 10 years before you're ready to release a
> product. Sorry, but that really is how long it takes to develop the
> capability.
>
> > encryption uses their cryptographic library using the Rijndael
> > algorithm (PROV_RSA_AES cryptographic service provider). We use a 4096-
> No key, no
> password, no data should ever be recoverable under uncontrolled
> circumstances, and the controlled circumstances need significant analysis.
>
> From there on, anything else you say is completely irrelevant, your design
> is a complete security failure. TrulyMail is completely snake-oil.
> Joe
The password that is recoverable is the password to download new
messages from the server. Those messages have all been encrypted by
the sender so if someone else gets your password, they still can't
read your messages.
It's like being able to recover your password to your email account.
Ari Silverstein <AriSilverstein@yahoo.com> wrote in
news:8e5qpiFr1gU1@mid.individual.net:
> Love you too Mr. Anonymousie but here's a "Heads Up" for
> you. Camper's Merc camp, which I was both a student and
> later a teacher, taught me all I needed to know about
> survival.
>
> Seal was a pawn. He was dead as soon as he exposed the
> underbelly of Mena and his direct relationships with elder
> VP George Bush (specifically Adm Dan Murphy). Unglesby's
> call "sealed" his fate. There was no way they were going to
> let Seal get traced back to Iran-Contra.
>
> Bottoms, otoh, has survived this whole, sordid affair by
> providing tons of disinformation. It was that and permanent
> banishment to Louisiana that saved his life. Most everyone
> involved at Mena were dead within months.
>
> Here's a clue, something for you to do in your, ahem,
> "retirement". Why not flop on down to the RCMPussies and
> ask them when they recently finished their investigation of
> the Air India disaster, they did not subpoena Frank's
> testimony? Eh?
>
> Go figure that one out, you Assclown.
You're raving again, Ari. And you're flecking the monitor with
spittle and drooling on the keyboard.
On Wed, 01 Sep 2010 01:32:28 GMT, nemo_outis wrote:
> As for open-source in cryptography, it is mostly a snare and a
> delusion.
It is available for peer review and potential source code evaluation
and you know it. Now let's get to the real, new, pissed off Nemo
anonymous...
> Not even Truecrypt, the darling of the open-
> sourcers, has ever had a thorough review by a skilled crypto
> practitioner willing to put his name to his work. And I defy
> you to name Truecrypt's developers!
Here it is, you got a sudden hard on for the Truecrypt guys after
spending years claiming that they were Bowie's nazz. Why so?
Because they kicked you off their forum? They won't play by nemos
anonymousie rules?
I tell you what Truecrypt does. They put their financials out in the
open. Does Trulymail? Hmmmmmmmmmmm?
Let's summarize. Truecrypt is open source, used by you (or you lied)
and the developers have been named by Peter Fairbrother right here on
these forums. Missed that did you?
Xpost reinserted you cowardized freak of nature.
Tell me, when are you going to implement Trulymail since you are
defending it (hypocritically to your maximum hilt), hmmmmmmmm?
Bet you don't. I bet this entire tirade of yours is because of me and
your recent pushback from years of Truecrypt promotion.
Very high schoolish, "nemo", too bad you still have lingering memories
of failing to get a date to the proms. Take it out on someone else.
Both Truecrypt and I could ****ing care less about your pentup
dementias.
--
Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702
On Wed, 01 Sep 2010 02:05:38 GMT, nemo_outis wrote:
> Ari Silverstein <AriSilverstein@yahoo.com> wrote in
> news:8e5pjcFlokU1@mid.individual.net:
>
>> On Tue, 31 Aug 2010 17:46:35 -0700, Joseph Ashwood wrote:
>>
>>>> While I, personally, don't have a background in
>>>> cryptography,
>>>
>>> Then you need at least another 10 years before you're
>>> ready to release a product. Sorry, but that really is how
>>> long it takes to develop the capability.
>>
>> I can personally and positively agree with that statement.
>> We had to hire 30+ years worth of established, vetted
>> talent to get things right.
>
> Ari, there's an "existence proof" that they still got it
> I'll remember that when I sign the payroll checks.
> completely wrong - they hired you!
I'll remember that when I authorize payroll tomorrow.
lol
>
> PS For the terminally clueless - like you, Ari - the OP likely
> was not the fellow who wrote the software. This may be
> difficult for you and your sockpuppets to understand, Ari, since
> you only hear the voices in your head, but some companies have
> more than one employee.
On Wed, 01 Sep 2010 02:21:15 GMT, nemo_outis wrote:
> Ari Silverstein <AriSilverstein@yahoo.com> wrote in
> news:8e5qpiFr1gU1@mid.individual.net:
>
>> Love you too Mr. Anonymousie but here's a "Heads Up" for
>> you. Camper's Merc camp, which I was both a student and
>> later a teacher, taught me all I needed to know about
>> survival.
>>
>> Seal was a pawn. He was dead as soon as he exposed the
>> underbelly of Mena and his direct relationships with elder
>> VP George Bush (specifically Adm Dan Murphy). Unglesby's
>> call "sealed" his fate. There was no way they were going to
>> let Seal get traced back to Iran-Contra.
>>
>> Bottoms, otoh, has survived this whole, sordid affair by
>> providing tons of disinformation. It was that and permanent
>> banishment to Louisiana that saved his life. Most everyone
>> involved at Mena were dead within months.
>>
>> Here's a clue, something for you to do in your, ahem,
>> "retirement". Why not flop on down to the RCMPussies and
>> ask them when they recently finished their investigation of
>> the Air India disaster, they did not subpoena Frank's
>> testimony? Eh?
>>
>> Go figure that one out, you Assclown.
>
> You're raving again, Ari. And you're flecking the monitor with
> spittle and drooling on the keyboard.
Translation: "I haven't a clue how the world works and would much
rather sit in my little assclown house than pay any attention to it.
It's what I do best. Take orders, drool when commanded and look away."
--
Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702
Ari Silverstein <AriSilverstein@yahoo.com> wrote in
news:8e5sopF4ruU1@mid.individual.net:
Ari, you have now exhausted what small interest you initially
provided. I have punished your truculent boorishness to the
OP, and exposed your vapidity and ignorance once again. My job
is done.
On Tue, 31 Aug 2010 19:06:09 -0700 (PDT), TrulyMail Support wrote:
>>> I'm not free on Tuesday but I'm free that Friday. Will that work for
>>> you?
>>
>> Are you crazy? Look what happened last time I was late.
>>
>> http://www.prorev.com/BARRY%20SEAL.jpg
>>
>> --
>> B℮ar Bottoms
>
> Hmmm. You wouldn't be making the point that all Latin-American
> countries are the same, are you? Are you implying that because
> Colombia has so much instability that all Latin-American countries do?
> Chile is known for its stability.
There's stability in the world? Now that's a novel notion. We don't
have it in America and if you think Chile is stable, you're
delusional.
Political, economic...any stability is a fleeting moment away from
being snatched right out from under you. Stability is an
apparition...at best.
When your stability no longer serves the purposes of the powers of the
world, you'll return to the Ugarte-Pinochet days.
This I will give you: unlike many countries, Chileans have a sense of
democratic pride and the balls to push that forward.
--
Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702
On Wed, 01 Sep 2010 01:39:24 GMT, nemo_outis wrote:
> Ari Silverstein <AriSilverstein@yahoo.com> wrote in
> news:8e5ju3Fq9vU1@mid.individual.net:
>
> Anonymous? Me?
>
> ****, Ari, you're such an incompetent arsehole that you still
> can't read a header. That's me right up there at shaw.ca for
> the whole world to see.
Cool. My name is Ari Silverstein, and yours?
lol
> As for your railroad app becoming available "real soon now"
Not my app, keep your lies straight, Mr. Anonymousie. We performed
the POC as one of several companies that did so.
> it's
> vaporware like everything else in your miserable pathetic little
> life, Ari.
>
> Regards,
Not what you said when I offered to employ you into the deal, nemo.
Not what you said at all.
At least you don't have the notion to lie out and out about our commo,
nemo. That I will give you.
Ari Silverstein <AriSilverstein@yahoo.com> wrote in
news:8e5t95F7dqU1@mid.individual.net:
>> Hmmm. You wouldn't be making the point that all
>> Latin-American countries are the same, are you? Are you
>> implying that because Colombia has so much instability
>> that all Latin-American countries do? Chile is known for
>> its stability.
>
> There's stability in the world? Now that's a novel notion.
> We don't have it in America and if you think Chile is
> stable, you're delusional.
>
> Political, economic...any stability is a fleeting moment
> away from being snatched right out from under you.
> Stability is an apparition...at best.
>
> When your stability no longer serves the purposes of the
> powers of the world, you'll return to the Ugarte-Pinochet
> days.
>
> this I will give you unlike many countries, Chileans have a
> sense of democratic pride and the balls to push that
> forward.
Ari, you're rambling and babbling again. Early onset
Alzheimer's?