
Thread: Re: Truly Trulymail

  1. #101
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 22:36:01 +1000, a wrote:

    > **** off, Ari.


    Who the hell are you?

    > You're just trolling John for the sake of being difficult.


    I'm exposing a fraud. Have a problem with that? And why? Hit close to
    home?

    > Hundreds of apps exist where you don't know the makers and their history.


    So? Bring 'em on.
    --
    Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702

  2. #102
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 07:20:51 -0700 (PDT), Pubkeybreaker wrote:

    >> Ari's arguments might not have been expressed in the best of ways (to
    >> put it mildly) but he is correct in that you can not trust the
    >> cryptography of a closed source application.

    >
    > Oh??? Has RSA Security made its code open source? I'm sure
    > that you can/would/should trust BSAFE for example, even though it is
    > not open source.
    >
    > Would you not trust closed-source NIST certified FIPS-140 compliant
    > code?


    The open source argument that OS guarantees code safety and proper
    implementation is ********. It doesn't.

    What it does is allow for peer review, code audit possibilities,
    public timelining, version specifics, public participation by
    suggestion, ideas and added code, and an assortment of other peeks
    under the (code's) covers unavailable with closed source development.

    What is best (open vs. closed) is subject to the product being
    delivered in this case encryption, email clientele and the suggestion
    of privacy by Trulymail. There are only two choices and there is no
    doubt in my mind that when encryption is involved, open source
    projects offer more to and for the general public and to and for
    those developers who offer their products free or not to said public.

    Why?

    Mainly because developers cannot be trusted. Open source at least
    kicks open the possibility of review.

    The best of all worlds is closed source development with entirely
    competent, trusted individuals which is why the highest level of
    cryptographic development for the USGov, DoD, DHS and the intertwined
    military-intelligence Agencies happens behind closed doors. Among
    their experts and their contracted experts.

    Why does this work? Because they will cut your gonads off and stuff
    them in your mouth while you see your body getting dumped into the
    Potomac whilst suffocating your last breaths.

    Great stimuli for unfettered success.

  3. #103
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 07:48:21 -0700 (PDT), Pubkeybreaker wrote:

    > I trust Microsoft's crypto library (the one who wrote it is a
    > colleague and co-author of mine) and would know how to use it.
    >
    > By your own admission, Trulymail has ZERO crypto knowledge.
    > How can anyone trust you to USE Microsoft's library in the correct
    > way?


    This insurmountable fact cannot be overcome but Trulymail just doesn't
    seem to get it. The further they go into this thread, the worse it
    becomes for them. It's like watching Jesus hold the hammer and nails
    and shouting "Sir, can I have another" all Marine like.

    > If you want your code vetted Trulymail; you can hire me at
    > $400.00/hr. And I do have both the required software and crypto
    > background.


    Now here is where the final and unresolvable problem lies for
    Trulymail. After watching him/them/whomever he/they/it might be, I
    have zero confidence that Trulymail would have the inherent knowledge
    and capability to assess the work you would do much less your
    credentials to do so.

    I'm talking from experience here 2002. It took me to 2003-4 to sort
    all of these business matters out and more than a few mistakes along
    the way.

    Trulymail has been in business since 2008 and look what they have to
    show for it in terms of understanding their technologies and backing
    their proclamations.

    I don't hold much hope, sadly, none at all at this point.

  4. #104
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 02 Sep 2010 17:13:19 +0100, Mark Murray wrote:

    > http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx
    >
    > Pubkeybreaker,
    >
    > Look carefully at the "PROV_*RSA*_AES".
    >
    > AES has the keysizes you mention, but RSA can quite easily have
    > 4096 bits.


    Does it really matter once you get past 2048? 4096 in private key use
    is slower than molasses without a truly(mail) lol discernible,
    practical increase in security.

    Which leads back, imo, to the absurdity of Trulymail popping its shirt
    buttons over using 4096 in the first place.
    --
    http://2.bp.blogspot.com/_d4law24liE...ilverstein.JPG

  5. #105
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 02 Sep 2010 15:52:59 GMT, nemo_outis wrote:

    > Which is precisely why open-source crypto code is largely
    > pointless in terms of a thorough review. The unqualified
    > can't do it, and the qualified won't do it.
    >
    > Not without a fee. In which case, the source might just as
    > well be closed.


    Not going to argue that open source isn't regularly audited but I can
    tell you for an absolute fact that a great deal of open source code is
    thoroughly vetted, torn apart and studied by folks with big nasty
    attitudes, hyooge computers and nearly limitless budgets and
    personnel.

    Because they don't call /nemo the nimrod/ up and tell him doesn't
    belie the fact that those nasty folks et al are very, very interested
    in open source code. Some of that knowledge creeps back to the
    developers. Some of the developers are nasty attitude types.

    > Moreover, when you're finished your review, why the hell
    > should a potential new user place any trust in the quality,
    > competence and thoroughness of your review? You (or the
    > company that hired you) will be asking the users to "trust"
    > you - why should they?


    > Why indeed? After all, even if your credentials are
    > impressive, your honesty unimpeachable, and your fame
    > widespread (and are they?) you're a hired gun with a clear
    > conflict of interest. He who pays the piper calls the tune -
    > or at least that's a legitimate worry for a potential new
    > user. Hell, that question arises even with independent
    > certified labs doing FIPS evaluations.


    I love how you flip the trust model whichever way it suits your
    argument.

    You can't trust any code you don't write yourself.

    But when assessing who to trust, since you have no other choice but to
    trust somebody, you going to pick the company which hides its entire
    development, code and all or the one that at least opens its kimono
    and is auditing and reviewing?

    Well, people being people have a tendency to trust those companies
    that at least make the appearance of respectability whether that
    respectability is warranted or not.

    Hence, open source, paying for code auditing, etc.

    But, again, you knew that...or did you?

    > Moreover, the folks at whom TrulyMail is targeted probably
    > don't give a flying **** about code reviews even if they were
    > done by crypto luminaries like Bruce Schneier. The response
    > of an ordinary person to this is likely to be, "Bruce Who?"
    > No, the company would likely get better marketing results
    > using a frothy endorsement from a chesty blonde bimbo.


    The issue isn't sales, nice diversion but Oh sorry, the issue is does
    their product meet the standards they themselves claim that it does.
    It doesn't and/or they have not allowed any possible way to see that
    it might. It won't so their level of credibility is all shot to hell.

    If they were selling a replacement to Notepad, who cares? When you are
    selling privacy and cryptography and making assertions that you meet
    those goals, it makes a hell of a lot of difference.

    Ask some poor bloke in Iran who just got his nuts chopped off because
    his Trulymail farted into plaintext with the words "assassinate Ali
    Khamenei". Far fetched? Who knows who might trust these jokers.

    Email privacy and secure commo can be about life and death. Don't ever
    forget it.

  6. #106
    Pubkeybreaker
    Guest

    Re: Truly Trulymail

    On Sep 2, 6:03 pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:

    > The best of all worlds is closed source development with entirely
    > competent, trusted individuals which is why the highest level of
    > cryptographic development for the USGov, DoD, DHS and the intertwined
    > military-intelligence Agencies happens behind closed doors. Among
    > their experts and their contracted experts.


    And what do you think it is that I do?

  7. #107
    Pubkeybreaker
    Guest

    Re: Truly Trulymail

    On Sep 2, 6:27 pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
    > On Thu, 02 Sep 2010 17:13:19 +0100, Mark Murray wrote:
    > >http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx

    >
    > > Pubkeybreaker,

    >
    > > Look carefully at the "PROV_*RSA*_AES".

    >
    > > AES has the keysizes you mention, but RSA can quite easily have
    > > 4096 bits.

    >
    > Does it really matter once you get past 2048? 4096 in private key use
    > is slower than molasses without a truly(mail) lol discernible,
    > practical increase in security.


    Uh..... Who do you think you are talking with???

    I know this better than (almost) anyone else.

  8. #108
    Pubkeybreaker
    Guest

    Re: Truly Trulymail

    On Sep 2, 6:03 pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
    > On Thu, 2 Sep 2010 07:20:51 -0700 (PDT), Pubkeybreaker wrote:


    > <snip>
    > > Oh??? Has RSA Security made its code open source? I'm sure
    > > that you can/would/should trust BSAFE for example, even though it is
    > > not open source.

    >
    > > Would you not trust closed-source NIST certified FIPS-140 compliant
    > > code?

    >
    > The open source argument that OS guarantees code safety and proper
    > implementation is ********. It doesn't.


    Which doesn't answer my question.

    >
    > What it does is allow for peer review, code audit possibilities,
    > public timelining, version specifics, public participation by
    > suggestion, ideas and added code, and an assortment of other peeks
    > under the (code's) covers unavailable with closed source development.


    The key word is "allow". OTOH, a company such as RSA Security has a
    vested interest in making sure of the correctness of their code --->
    They want to stay in business.

    Don't you trust RSA to write correct crypto code???


    Please note that cryptography never CREATES trust. All it does is
    shift it from place to place or person to person. The difficulty is
    knowing WHO you can trust.

    >
    > What is best (open vs. closed) is subject to the product being
    > delivered in this case encryption, email clientele and the suggestion
    > of privacy by Trulymail. There are only two choices and there is no
    > doubt in my mind that when encryption is involved, open source
    > projects offer more to and for the general public and to and for
    > those developers who offer their products free or not to said public.
    >
    > Why?
    >
    > Mainly because developers cannot be trusted. Open source at least
    > kicks open the possibility of review.


    As I said, you need to know WHO to trust. Let's have a show of
    hands... How many here do not trust the experts at Entrust,
    Certicom, RSA Security, NTRU, etc. to write correct crypto code????


    >
    > The best of all worlds is closed source development with entirely
    > competent, trusted individuals


    Do you think that the experts at the above companies are not to be
    trusted? Or that they are not competent?


    >which is why the highest level of
    > cryptographic development for the USGov, DoD, DHS and the intertwined
    > military-intelligence Agencies happens behind closed doors. Among
    > their experts and their contracted experts.


    Yep. And some of those contracted experts come from companies
    like Entrust etc.

    >
    > Why does this work? Because they will cut your gonads off and stuff
    > them in your mouth while you see your body getting dumped into the
    > Potomac whilst suffocating your last breaths.


    This last bit is nonsense.




  9. #109
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 16:00:39 -0700 (PDT), Pubkeybreaker wrote:

    > On Sep 2, 6:27 pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
    >> On Thu, 02 Sep 2010 17:13:19 +0100, Mark Murray wrote:
    >>>http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx

    >>
    >>> Pubkeybreaker,

    >>
    >>> Look carefully at the "PROV_*RSA*_AES".

    >>
    >>> AES has the keysizes you mention, but RSA can quite easily have
    >>> 4096 bits.

    >>
    >> Does it really matter once you get past 2048? 4096 in private key use
    >> is slower than molasses without a truly(mail) lol discernible,
    >> practical increase in security.

    >
    > Uh..... Who do you think you are talking with???
    >
    > I know this better than (almost) anyone else.


    I answered Murray. Read the headers.

  10. #110
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 15:57:50 -0700 (PDT), Pubkeybreaker wrote:

    > On Sep 2, 6:03 pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
    >
    >> The best of all worlds is closed source development with entirely
    >> competent, trusted individuals which is why the highest level of
    >> cryptographic development for the USGov, DoD, DHS and the intertwined
    >> military-intelligence Agencies happens behind closed doors. Among
    >> their experts and their contracted experts.

    >
    > And what do you think it is that I do?


    Pick your nose?

    Why don't you tell us then we won't have to guess?

  11. #111
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 16:27:09 -0700 (PDT), Pubkeybreaker wrote:

    > On Sep 2, 6:03 pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
    >> On Thu, 2 Sep 2010 07:20:51 -0700 (PDT), Pubkeybreaker wrote:

    >
    >> <snip>
    >>> Oh??? Has RSA Security made its code open source? I'm sure
    >>> that you can/would/should trust BSAFE for example, even though it is
    >>> not open source.

    >>
    >>> Would you not trust closed-source NIST certified FIPS-140 compliant
    >>> code?

    >>
    >> The open source argument that OS guarantees code safety and proper
    >> implementation is ********. It doesn't.

    >
    > Which doesn't answer my question.
    >
    >>
    >> What it does is allow for peer review, code audit possibilities,
    >> public timelining, version specifics, public participation by
    >> suggestion, ideas and added code, and an assortment of other peeks
    >> under the (code's) covers unavailable with closed source development.

    >
    > The key word is "allow". OTOH, a company such as RSA Security has a
    > vested interest in making sure of the correctness of their code --->
    > They want to stay in business.
    >
    > Don't you trust RSA to write correct crypto code???


    As much as I do most, yes.

    > Please note that cryptography never CREATES trust. All it does is
    > shift it from place to place or person to person. The difficulty is
    > knowing WHO you can trust.


    Obviously, just as I posted.

    >> The best of all worlds is closed source development with entirely
    >> competent, trusted individuals

    >
    > Do you think that the experts at the above companies are not to be
    > trusted? Or that they are not competent?


    I didn't find any of them necessarily untrustworthy.

    >>which is why the highest level of
    >> cryptographic development for the USGov, DoD, DHS and the intertwined
    >> military-intelligence Agencies happens behind closed doors. Among
    >> their experts and their contracted experts.

    >
    > Yep. And some of those contracted experts come from companies
    > like Entrust etc.


    ???????????

    >> Why does this work? Because they will cut your gonads off and stuff
    >> them in your mouth while you see your body getting dumped into the
    >> Potomac whilst suffocating your last breaths.

    >
    > This last bit is nonsense.


    Ya' think?

    And not always.
    --
    Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702

  12. #112
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 19:29:09 -0400, Ari Silverstein wrote:

    > On Thu, 2 Sep 2010 15:57:50 -0700 (PDT), Pubkeybreaker wrote:
    >
    >> On Sep 2, 6:03 pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
    >>
    >>> The best of all worlds is closed source development with entirely
    >>> competent, trusted individuals which is why the highest level of
    >>> cryptographic development for the USGov, DoD, DHS and the intertwined
    >>> military-intelligence Agencies happens behind closed doors. Among
    >>> their experts and their contracted experts.

    >>
    >> And what do you think it is that I do?

    >
    > Pick your nose?
    >
    > Why don't you tell us then we won't have to guess?


    Ok, I'll ask again. what is it you do?

  13. #113
    Joseph Ashwood
    Guest

    Re: Truly Trulymail

    "Mark Murray" <w.h.oami@example.com> wrote in message
    news:4c7fcd1f$0$2516$db0fefd9@news.zen.co.uk...
    > On 09/02/10 15:48, Pubkeybreaker wrote:


    >> If you want your code vetted, you can hire me at $400.00/hr. And I
    >> do have both the required software and crypto background.

    >
    > Based on the above RSA detail missed, are you really worth $400 an hour?


    Yes, he really is. He is a world renowned, world recognised, undeniably
    brilliant public key researcher with extensive experience in the research
    department of RSA Security. If anything $400/hour is not enough for his
    level of capability.

    This is from someone who has been at odds with him on multiple occasions. I
    obviously have great respect for him, and more than once I have recommended
    him to my clients.

    He is absolutely worth $400 an hour.
    Joe


  14. #114
    Joseph Ashwood
    Guest

    Re: Truly Trulymail

    "TrulyMail Support" <support@trulymail.com> wrote in message
    news:4028bb9e-8e87-47e2-b159-8a847c2b8822@u31g2000pru.googlegroups.com...

    Let's start at the very beginning, which algorithms do you use exactly?
    You've said you use PROV_RSA_AES, but that is just the provider, not the
    algorithms.

    The problem you are experiencing is that you tick so many checkboxes for
    snake oil. You have no experience in cryptography, you have repeatedly
    avoided saying what algorithm is used, you have repeatedly stated you won't
    disclose the workings, you rely on having experience in a field largely
    unrelated to claim security, you have demonstrated a lack of understanding
    of the competition (PGP, contrary to your statements, has offered 4096-bit
    keys for at least a decade). These are just the very beginning of what needs
    to be fixed. When I said you need at least another 10 years in cryptography
    before you're ready to release a product I wasn't kidding.
    Joe


  15. #115
    nemo_outis
    Guest

    Re: Truly Trulymail

    "Joseph Ashwood" <ashwood@msn.com> wrote in
    news:zO%fo.98423$lS1.1998@newsfe12.iad:

    > Yes, he really is. He is a world renowned, world
    > recognised, undeniably brilliant public key researcher with
    > extensive experience in the research department of RSA
    > Security. If anything $400/hour is not enough for his level
    > of capability.


    Yep, everyone knows Bob Silverman's rep.

    Regards,

  16. #116
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 22:29:02 -0700, Joseph Ashwood wrote:

    > "Mark Murray" <w.h.oami@example.com> wrote in message
    > news:4c7fcd1f$0$2516$db0fefd9@news.zen.co.uk...
    >> On 09/02/10 15:48, Pubkeybreaker wrote:

    >
    >>> If you want your code vetted, you can hire me at $400.00/hr. And I
    >>> do have both the required software and crypto background.

    >>
    >> Based on the above RSA detail missed, are you really worth $400 an hour?

    >
    > Yes, he really is. He is a world renowned, world recognised, undeniably
    > brilliant public key researcher with extensive experience in the research
    > department of RSA Security. If anything $400/hour is not enough for his
    > level of capability.
    >
    > This is from someone who has been at odds with him on multiple occasions. I
    > obviously have great respect for him, and more than once I have recommended
    > him to my clients.
    >
    > He is absolutely worth $400 an hour.
    > Joe


    Damn, Joe, he'd better get $400/hr to pay you for this extra-glorious
    endorsement. :)

    I kid.

    But you might give him a few lessons in following Usenet conversations
    (who replied to whom) and using a newsreader, dumping Google Groups.

    I don't kid.
    --
    "Looking Above and Beyond the Ramp: A Study of Buffalo Students'
    Attitudes toward Alternative Modes of Transportation"

  17. #117
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Fri, 03 Sep 2010 05:56:36 GMT, nemo_outis wrote:

    > "Joseph Ashwood" <ashwood@msn.com> wrote in
    > news:zO%fo.98423$lS1.1998@newsfe12.iad:
    >
    >> Yes, he really is. He is a world renowned, world
    >> recognised, undeniably brilliant public key researcher with
    >> extensive experience in the research department of RSA
    >> Security. If anything $400/hour is not enough for his level
    >> of capability.

    >
    > Yep, everyone knows Bob Silverman's rep.
    >
    > Regards,


    http://preview.tinyurl.com/24ts27e
    --
    "Looking Above and Beyond the Ramp: A Study of Buffalo Students'
    Attitudes toward Alternative Modes of Transportation"

  18. #118
    nemo_outis
    Guest

    Re: Truly Trulymail

    Ari Silverstein <AriSilverstein@yahoo.com> wrote in
    news:8eanqpFpu6U1@mid.individual.net:


    > Not going to argue that open source isn't regularly audited
    > but I can tell you for an absolute fact that a great deal
    > of open source code is thoroughly vetted, torn apart and
    > studied by folks with big nasty attitudes, hyooge computers
    > and nearly limitless budgets and personnel.


    Who the hell cares if the NSA and such examine open-source
    crypto code. If they don't disclose their results it may as
    well not have happened as far as anyone else is concerned.


    > You can't trust any code you don't write yourself.


    You can't trust crypto code you wrote yourself either!

    Not unless you are among a handful of experts - less, likely
    much less, than one in a million!


    >> Moreover, the folks at whom TrulyMail is targeted probably
    >> don't give a flying **** about code reviews even if they
    >> were done by crypto luminaries like Bruce Schneier. The
    >> response of an ordinary person to this is likely to be,
    >> "Bruce Who?" No, the company would likely get better
    >> marketing results using a frothy endorsement from a chesty
    >> blonde bimbo.

    >
    > The issue isn't sales, nice diversion but Oh sorry, the
    > issue is does their product meet the standards they
    > themselves claim that it does. It doesn't and/or they have
    > not allowed any possible way to see that it might. It won't
    > so their level of credibility is all shot to hell.



    No, the issue ISN'T whether their product meets the standards
    they claim for it. The question is only whether the company
    can instil sufficient trust in the user, by whatever means, that
    he adopts and uses their program.

    And that is a marketing problem, NOT a technical cryptography
    one. It is your pig-headedness that causes you to completely
    misperceive the issue.

    The company doesn't have to convince techies and security
    aficionados - it only has to convince its potential user base.
    By whatever means. That may irk you, but that's the way it
    is.

    And so such a company - even if it is honest and on the up and
    up - needn't invest much effort in trying to convince techies.
    As I said before, techies aren't the target market for such a
    program.

    It's about gaining users' trust - *target* users. And the
    plain fact, however annoying it may be to you as an
    incompetent, and also to others who are crypto-competent, is
    that there are, in general, easier and more effective ways of
    gaining that trust than ringing source code endorsements by
    experts whom the public doesn't know from Adam (even if those
    experts have zillions of scholarly publications and are well-
    regarded by their colleagues).

    > Email privacy and secure commo can be about life and death.
    > Don't ever forget it.


    No, the thick-witted jackass, they aren't. Nobody but a fool
    would use something like TrulyMail for matters that could get
    him in serious trouble, let alone killed. Ordinary folks use
    such programs for ordinary purposes like getting a bit better
    email privacy - not for leaking nuclear secrets to al Qaeda.

    Anyone not a fool who has serious needs takes serious
    precautions (isolated cases of Darwin-award morons to the
    contrary notwithstanding)

    Regards,



  19. #119
    Mark Murray
    Guest

    Re: Truly Trulymail

    On 02/09/2010 22:26, Pubkeybreaker wrote:
    > I missed no detail. I quote what was written:
    >
    > "PROV_RSA_AES"
    >
    > This is a bunch of acronyms that have been run together and connected
    > by underscores. It is not RSA. I can read. Apparently, you can't.


    I googled the documentation of that service.

    <quote>
    The PROV_RSA_AES provider type supports both digital signatures and data
    encryption. It is considered a general purpose cryptographic service
    provider (CSP). The RSA public key algorithm is used for all public key
    operations.
    </quote>

    What am I missing?

    M
    --
    Mark "No Nickname" Murray
    Notable nebbish, extreme generalist.

  20. #120
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Thu, 2 Sep 2010 22:40:14 -0700, Joseph Ashwood wrote:

    > "TrulyMail Support" <support@trulymail.com> wrote in message
    > news:4028bb9e-8e87-47e2-b159-8a847c2b8822@u31g2000pru.googlegroups.com...
    >
    > Let's start at the very beginning, which algorithms do you use exactly?
    > You've said you use PROV_RSA_AES, but that is just the provider, not the
    > algorithms.
    >
    > The problem you are experiencing is that you tick so many checkboxes for
    > snake oil. You have no experience in cryptography, you have repeatedly
    > avoided saying what algorithm is used, you have repeatedly stated you won't
    > disclose the workings, you rely on having experience in a field largely
    > unrelated to claim security, you have demonstrated a lack of understanding
    > of the competition (PGP, contrary to your statements, has offered 4096-bit
    > keys for at least a decade). These are just the very beginning of what needs
    > to be fixed. When I said you need at least another 10 years in cryptography
    > before you're ready to release a product I wasn't kidding.
    > Joe


    Joe, I wouldn't expect a response from Trulymail, maybe I will be
    wrong. If Trulymail responds, there are only two outcomes. More
    self-inflicted ruination and heaping amounts of self-inflicted
    ruination.

    Sitting back and reading once again Trulymail's posts, I firmly
    believe that they have created a very simplistic product without a
    clue of the critical issues that are inherent in software that
    involves cryptography and security much less the irreversibly
    dangerous consequences of failure.

    Cite: Trulymail showed up on Usenet in the first place.

    This doesn't make them any less culpable for their snake oil. It only
    buys them a low level of rapidly fleeting sympathy.
