bestcrypt 7.20 vs drivecrypt 4.4

Discussion in 'Computer Security' started by supermazzinga, Dec 18, 2006.

  1. I must choose between bestcrypt 7.20 or drivecrypt 4.4

    I have fear of backdoor

    both the software is not opensource and high risk for backdoor

    I do not succeed to understand which it is secure

    help me

    thanks
     
    supermazzinga, Dec 18, 2006
    #1
    1. Advertising

  2. supermazzinga wrote:

    > I must choose between bestcrypt 7.20 or drivecrypt 4.4
    >
    > I have fear of backdoor
    >
    > both the software is not opensource and high risk for backdoor
    >
    > I do not succeed to understand which it is secure


    DriveCrypt is 1344 bit deluxe marketing bullshit. Thus, at any rate,
    BestCrypt has a way better reputition.

    If you care about open source, I wonder why you're running on Windows.
    Anyway, both TrueCrypt and PGP Desktop Professional are open source (with
    the latter just forbidding you run the self-compiled code, yeah, as if one
    would care...).
     
    Sebastian Gottschalk, Dec 18, 2006
    #2
    1. Advertising

  3. On Mon, 18 Dec 2006 14:27:13 +0100, Sebastian Gottschalk
    <> wrote:

    >supermazzinga wrote:
    >
    >> I must choose between bestcrypt 7.20 or drivecrypt 4.4
    >>
    >> I have fear of backdoor
    >>
    >> both the software is not opensource and high risk for backdoor
    >>
    >> I do not succeed to understand which it is secure

    >
    >DriveCrypt is 1344 bit deluxe marketing bullshit. Thus, at any rate,
    >BestCrypt has a way better reputition.
    >
    >If you care about open source, I wonder why you're running on Windows.
    >Anyway, both TrueCrypt and PGP Desktop Professional are open source (with
    >the latter just forbidding you run the self-compiled code, yeah, as if one
    >would care...).



    pgp is write in USA and have backdoor for decrypt.

    my problem is backdoor
     
    supermazzinga, Dec 18, 2006
    #3
  4. Re: bestcrypt 7.20 vs drivecrypt 4.4

    supermazzinga wrote:
    > pgp is write in USA and have backdoor for decrypt.
    >
    > my problem is backdoor


    That is complete nonsense. Just because something is written in the US
    doesn't imply it has a backdoor.

    And just because it's open source doesn't mean there is no back door.
    Are you going to audit every single line of source code? Have you
    audited every line of code in your compiler? How about in your
    operating system?

    Any software you are going to find probably uses AES and TripleDES. DES
    was a US design, and both AES and DES are certified by NIST.

    DriveCrypt talks about some 1344-bit strength, which in itself
    nonsense. None of the algorithms listed on their site supports that
    size key, and there is no reason for that large of a key anyway.

    TrueCrypt and PGP Disk are the best choices, IMHO.

    -Matt
     
    Matthew Fanto, Dec 18, 2006
    #4
  5. Re: bestcrypt 7.20 vs drivecrypt 4.4

    Matthew Fanto wrote:

    > And just because it's open source doesn't mean there is no back door.
    > Are you going to audit every single line of source code? Have you
    > audited every line of code in your compiler? How about in your
    > operating system?


    The demand for cryptographic software being open source does not just come
    from trust implications but more from implementation correctness. It's so
    easy to make an entire cryptographic system void with a little
    implementation error, and many companies have proven this. Open source
    gives you and many auditers the opportunity to check the cryptographic core
    and the general quality of the implementation.

    > Any software you are going to find probably uses AES and TripleDES. DES
    > was a US design, and both AES and DES are certified by NIST.


    I presume you still meant 3DES. The classical DES has got its certfication
    revoked some months ago. :)

    > DriveCrypt talks about some 1344-bit strength, which in itself
    > nonsense. None of the algorithms listed on their site supports that
    > size key,


    Triple-Blowfish (3*448 = 1344)

    > and there is no reason for that large of a key anyway.


    And neither any good reason why 3-BF should even achieve such a security.
    Paying careful attention to the Meet-in-the-middle attack and using hash
    chains to linearly transfer the memory tradeoff back into a time tradeoff,
    the effective security is always limited to 2*keysize, thus it's only 896
    bits worth.
     
    Sebastian Gottschalk, Dec 18, 2006
    #5
  6. Re: bestcrypt 7.20 vs drivecrypt 4.4

    Sebastian Gottschalk wrote:

    > The demand for cryptographic software being open source does not just come
    > from trust implications but more from implementation correctness. It's so
    > easy to make an entire cryptographic system void with a little
    > implementation error, and many companies have proven this. Open source
    > gives you and many auditers the opportunity to check the cryptographic core
    > and the general quality of the implementation.



    But the argument was about backdoors, so I restricted my comment to
    backdoors. I think it was Ritchie who showed backdoors by modifying the
    compiler. Thus even though the applications code has been reviewed, the
    compiler can still insert malicious things.

    I'm all in favor of open source software. I was just attempting to show
    the fallacy in assuming because it's open source, it's safe.

    >
    > > Any software you are going to find probably uses AES and TripleDES. DES
    > > was a US design, and both AES and DES are certified by NIST.

    >
    > I presume you still meant 3DES. The classical DES has got its certfication
    > revoked some months ago. :)


    Yes, there should be a 3 in front of that DES.


    > > DriveCrypt talks about some 1344-bit strength, which in itself
    > > nonsense. None of the algorithms listed on their site supports that
    > > size key,

    >
    > Triple-Blowfish (3*448 = 1344)


    Good catch. I didn't entertain the idea of 3-BF, and thus didn't think
    about 3*448 = 1344. I was thinking of a few different cascade (though I
    really didn't think too hard) options and none of them adding to 1344,
    and decided the 1344 probably came from some homebrew cipher we see on
    sci.crypt so often.


    > > and there is no reason for that large of a key anyway.

    >
    > And neither any good reason why 3-BF should even achieve such a security.
    > Paying careful attention to the Meet-in-the-middle attack and using hash
    > chains to linearly transfer the memory tradeoff back into a time tradeoff,
    > the effective security is always limited to 2*keysize, thus it's only 896
    > bits worth.


    I agree, but I also think a key size of 896-bits is overkill.

    -Matt
     
    Matthew Fanto, Dec 18, 2006
    #6
  7. supermazzinga

    nemo_outis Guest

    supermazzinga <> wrote in
    news:eek::

    > I must choose between bestcrypt 7.20 or drivecrypt 4.4
    >
    > I have fear of backdoor
    >
    > both the software is not opensource and high risk for backdoor
    >
    > I do not succeed to understand which it is secure
    >
    > help me
    >
    > thanks



    You say, "I must choose between Bestcrypt 7.20 or Drivecrypt 4.4" - this
    seems like a silly and artificial constraint.

    Both products are closed source but Jetico (Bestcrypt) is certainly larger
    and probably has a better rep (Securstar, despite its detractors, is still
    pretty good).

    However, there is a product that is at least as satisfactory technically (I
    think it's better because of things like LRW mode), and which blows them
    away in terms of cost (free!) and transparency (open-source): Truecrypt.
    It is also available for Linux platforms as well as Win2k-and-up Windows.

    For partition/container encryption it's a no-brainer: Truecrypt!

    Regards,

    PS If you require full-disk encryption, that's a different story and there
    are some significant differences between products (for instance,
    Bestcrypt's new beta volume encryption product seems particularly strong in
    dealing with raid, mount points, spanning, etc.).
     
    nemo_outis, Dec 18, 2006
    #7
  8. supermazzinga

    macarro Guest


    > pgp is write in USA and have backdoor for decrypt.


    What a load of rubbish, but if you believe it then all Microsoft
    products are written in the USA and have backdoor so as long as you use
    it you are backdoorered.

    You are using Giganews to post which is based in the USA, that means the
    CIA can access your logs anytime.

    You also using Forte Agent to post which is made by an US company,
    everything you type is keylogged.

    And if you drink a Coca cola made in the USA it will spy inside your
    stomach too.

    >
    > my problem is backdoor
    >


    I bet you put all this effort in backdoor and then you leave the WINDOWS
    of your house wide open. Swap file? ISP logs? Trojans in your computer?
    Unsafe pirated software installed? Screensaver password?etc?

    Sure backdoors are important but they will attack your weakest point,
    always, so do not overlook them.

    That also applies to keysize, Drivecrypt 1344 bit encryption? OK, but
    then is it really AES 128 easier to crack than AES 256? I have lots of
    information encrypted with AES 128 and I could not be arsed to change
    the algorythm, much rather working making my passphrase bullet proof,
    that is the weakest point.


    --
    Mapping the internet 24/7 http://www.netdimes.org
     
    macarro, Dec 20, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    552
    joevan
    Nov 3, 2004
  2. Quana

    Wondering About BestCrypt

    Quana, Feb 9, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    444
    Quana
    Feb 9, 2004
  3. S.B.

    BestCrypt BCWipe anyone?

    S.B., Apr 1, 2004, in forum: Computer Security
    Replies:
    5
    Views:
    2,015
    Arthur T.
    Apr 3, 2004
  4. Scorpion

    HELP - Bestcrypt problem

    Scorpion, Apr 24, 2004, in forum: Computer Security
    Replies:
    1
    Views:
    576
    Aaron B. Lingwood
    Apr 24, 2004
  5. Przemyslaw Jaskierski

    Bestcrypt, Truecrypt or other - what should I use?

    Przemyslaw Jaskierski, Dec 14, 2005, in forum: Computer Security
    Replies:
    1
    Views:
    3,952
    nemo_outis
    Dec 14, 2005
Loading...

Share This Page