Instacrypt

Discussion in 'Computer Security' started by Ari Silverstein, Nov 11, 2010.

  1. www.instantcrypt.com

    InstantCrypt is the Easy-to-Use front end for GPG/GnuPG that works
    with all e-mail clients and your web mail. Attempted to design for
    inexperience user to get start encrypting/decrypting within 20
    minutes. Runs local or portable. Both Alice and Bob need the program.

    Thunderbird/Enigmail works better imo but not with webmail.

    Point of this program is to provide ease of use with email encryption
    and that is an effort I applaud. FME most developed users can't
    install and implement PKE.

    Justin Thompson et al are nearing a releasee of info on Project
    Mackerel, hopefully they will set inroads into this problem.

    "Green Cryptography focuses on assembling the implementation the right
    way, such that the functions of encryption and authenticate will be
    appropriately handled, and more easily realized, by developers.
    Mackerel focuses on applying the implementation to the right stuff, by
    aligning current cryptographic models with real-world communication
    models, and adds a layer of abstraction on top of a green
    cryptographic model, such that the concepts of confidentiality and
    integrity are more tangible and palatable for users."
    --
    http://fffff.at/tag/fuckgoogle/
    Ari Silverstein, Nov 11, 2010
    #1
    1. Advertising

  2. Ari Silverstein

    Mr. B Guest

    From the website:

    "InstantCrypt cannot [because for normal secure e-mail exchange, these
    features are not a priority]: Clearsign and make and verifiy detached
    signature for files."

    I would say that signing and verifying represents a pretty common use case,
    and probably more common that encrypting. Sending encrypted messages to a
    mailing list is pointless, but people often sign messages sent to mailing
    lists. Verifying a valid signature from a file that is being broadcast,
    like a computer program available for download, it also pretty common.

    What worries me here is that this program is not very well documented, at
    least not on its website. It is compatible with OpenPGP, which is certainly
    a good thing...but beyond that, we cannot see much. What sort of keys will
    it generate? How does it generate those keys (it does not look like it is a
    GPLed program, so I doubt that it is using GPG as its back end)? I
    understand that this is a program meant for beginners, but any crypto
    program should have a certain amount of technical information available for
    people who might want to perform some kind of evaluation (i.e. a person who
    is knowledgeable in crypto might want to know whether or not they should
    advise others who are less knowledgeable to use this particular program).

    Just my $0.02.

    -- B
    Mr. B, Nov 11, 2010
    #2
    1. Advertising

  3. Instantcrypt

    On Wed, 10 Nov 2010 21:51:24 -0500, Mr. B wrote:

    > From the website:
    >
    > "InstantCrypt cannot [because for normal secure e-mail exchange, these
    > features are not a priority]: Clearsign and make and verifiy detached
    > signature for files."
    >
    > I would say that signing and verifying represents a pretty common use case,
    > and probably more common that encrypting. Sending encrypted messages to a
    > mailing list is pointless, but people often sign messages sent to mailing
    > lists. Verifying a valid signature from a file that is being broadcast,
    > like a computer program available for download, it also pretty common.
    >
    > What worries me here is that this program is not very well documented, at
    > least not on its website. It is compatible with OpenPGP, which is certainly
    > a good thing...but beyond that, we cannot see much. What sort of keys will
    > it generate? How does it generate those keys (it does not look like it is a
    > GPLed program, so I doubt that it is using GPG as its back end)? I
    > understand that this is a program meant for beginners, but any crypto
    > program should have a certain amount of technical information available for
    > people who might want to perform some kind of evaluation (i.e. a person who
    > is knowledgeable in crypto might want to know whether or not they should
    > advise others who are less knowledgeable to use this particular program).
    >
    > Just my $0.02.
    >
    > -- B


    I agree and considering the author has been working on this program
    since 2004, the only consideration I will give him for the lack of
    info is that he appears to be a one man show who has at least
    identified a real need.

    Outside of that identification (which is the focus of my OP), I
    wouldn't touch this thing with a ten foot algorithm. After seeing that
    it was foisted on an unsuspecting client by his lawyer, a dummy named
    "nix" on Wilders, I knew it was potential garbage. lol

    <http://www.wilderssecurity.com/forumdisplay.php?s=&daysprune=&f=40>

    My bet it will be payware soon.
    Ari Silverstein, Nov 11, 2010
    #3
  4. Ari Silverstein

    PooseyII Guest

    Re: Instantcrypt

    On Wed, 10 Nov 2010 23:48:43 -0500, Ari Silverstein wrote:

    > Outside of that identification (which is the focus of my OP), I
    > wouldn't touch this thing with a ten foot algorithm. After seeing that
    > it was foisted on an unsuspecting client by his lawyer, a dummy named
    > "nix" on Wilders, I knew it was potential garbage. lol
    >
    > <http://www.wilderssecurity.com/forumdisplay.php?s=&daysprune=&f=40>


    Nancy Norelli and she is quite the piece of work. Why have a handle
    "nix" if you are going to announce on a forum who you are? :)

    I have spoken with her, emailed her several times. She has a blog/rant
    about intelligence agencies that is impossible to determine what in
    the world she is blogging/ranting about.

    She sent me to a fellow in California who desired to initiate a
    completely anonymous webforum using Eastern Indian programmers on a
    Pirate Bay web hosted site. When I suggested that none of this made
    any sense, he informed Poosey that I was incorrect.

    > My bet it will be payware soon.


    About version 3? :)
    PooseyII, Nov 11, 2010
    #4
  5. Re: Instantcrypt

    On Thu, 11 Nov 2010 00:34:10 -0500, PooseyII wrote:

    > On Wed, 10 Nov 2010 23:48:43 -0500, Ari Silverstein wrote:
    >
    >> Outside of that identification (which is the focus of my OP), I
    >> wouldn't touch this thing with a ten foot algorithm. After seeing that
    >> it was foisted on an unsuspecting client by his lawyer, a dummy named
    >> "nix" on Wilders, I knew it was potential garbage. lol
    >>
    >> <http://www.wilderssecurity.com/forumdisplay.php?s=&daysprune=&f=40>

    >
    > Nancy Norelli and she is quite the piece of work. Why have a handle
    > "nix" if you are going to announce on a forum who you are? :)
    >
    > I have spoken with her, emailed her several times. She has a blog/rant
    > about intelligence agencies that is impossible to determine what in
    > the world she is blogging/ranting about.


    Is this the one who "knows" the intell picture as if she was actually
    intimate with it?

    > She sent me to a fellow in California who desired to initiate a
    > completely anonymous webforum using Eastern Indian programmers on a
    > Pirate Bay web hosted site.


    Oh yeah, that's Norelli, a fucking nutcase she is and so was Alan.
    Never had written a lick of software, had no clue about internet
    security and was somehow going to lie below the radar with a forum
    which would openly admit to using psychedelics for patient care.

    Illegally.

    The "anonymity" was going to protect the Docs and the patients. *rofl*
    If the forum hosting company didn't flip them over, it would be a
    matter of time before they got subpoenaed for records of the members
    and their posting history.

    Or they infiltrate the forum and suck the stupids into exposing who
    they are. Either way, it is a crash-and-burn project in the wrong
    hands.

    > When I suggested that none of this made any sense, he informed
    > Poosey that I was incorrect.


    Assclowns like Norelli and Alan are the worst. They get a pinch of
    information and think they have a bucketful of useful data. Norelli
    ought to be disbarred for stupidity it that's possible.

    >> My bet it will be payware soon.

    >
    > About version 3? :)


    LOL The Trulymail Syndrome strikes again.

    http://preview.tinyurl.com/26par7w
    --
    http://fffff.at/tag/fuckgoogle/
    Ari Silverstein, Nov 11, 2010
    #5
  6. Ari Silverstein

    PooseyII Guest

    Re: Instantcrypt

    On Thu, 11 Nov 2010 00:59:46 -0500, Ari Silverstein wrote:

    > On Thu, 11 Nov 2010 00:34:10 -0500, PooseyII wrote:
    >
    >> On Wed, 10 Nov 2010 23:48:43 -0500, Ari Silverstein wrote:
    >>
    >>> Outside of that identification (which is the focus of my OP), I
    >>> wouldn't touch this thing with a ten foot algorithm. After seeing that
    >>> it was foisted on an unsuspecting client by his lawyer, a dummy named
    >>> "nix" on Wilders, I knew it was potential garbage. lol
    >>>
    >>> <http://www.wilderssecurity.com/forumdisplay.php?s=&daysprune=&f=40>


    >> She sent me to a fellow in California who desired to initiate a
    >> completely anonymous webforum using Eastern Indian programmers on a
    >> Pirate Bay web hosted site.

    >
    > Oh yeah, that's Norelli, a fucking nutcase she is and so was Alan.
    > Never had written a lick of software, had no clue about internet
    > security and was somehow going to lie below the radar with a forum
    > which would openly admit to using psychedelics for patient care.
    >
    > Illegally.


    Maybe Google bots don't like LSD? :)

    > The "anonymity" was going to protect the Docs and the patients. *rofl*
    > If the forum hosting company didn't flip them over, it would be a
    > matter of time before they got subpoenaed for records of the members
    > and their posting history.
    >
    > Or they infiltrate the forum and suck the stupids into exposing who
    > they are. Either way, it is a crash-and-burn project in the wrong
    > hands.


    Wrong hands being the operative word. :)

    >> When I suggested that none of this made any sense, he informed
    >> Poosey that I was incorrect.

    >
    > Assclowns like Norelli and Alan are the worst. They get a pinch of
    > information and think they have a bucketful of useful data. Norelli
    > ought to be disbarred for stupidity it that's possible.


    No surprises when she chooses to use Instantcrypt. Nance' pinch has
    inflated into a bucket. She believes she is capable of evaluating
    cryptography.

    http://www.wilderssecurity.com/showpost.php?p=1776935&postcount=3

    http://www.wilderssecurity.com/showthread.php?t=274722

    From another post:

    "As a linguist, I study and write on the theoretical aspects of
    encryption (and all communication applications) and I provide analysis
    of legal issues involved in the development and design of private
    communications platforms." :0)

    I am not sure what this means but I smell manure close by :)
    PooseyII, Nov 11, 2010
    #6
  7. Re: Instantcrypt

    On Thu, 11 Nov 2010 01:19:01 -0500, PooseyII wrote:

    >>> When I suggested that none of this made any sense, he informed
    >>> Poosey that I was incorrect.

    >>
    >> Assclowns like Norelli and Alan are the worst. They get a pinch of
    >> information and think they have a bucketful of useful data. Norelli
    >> ought to be disbarred for stupidity it that's possible.

    >
    > No surprises when she chooses to use Instantcrypt. Nance' pinch has
    > inflated into a bucket. She believes she is capable of evaluating
    > cryptography.


    Norelli is just as naive as the typical end user without having any
    excuse other than ego and pride for being so. Wilders is full of
    these imbeciles most average 78,234 posts. Hell, they had enough time
    to learn about cryptography if they would have cu their post count
    down to 55,098. lol

    > http://www.wilderssecurity.com/showpost.php?p=1776935&postcount=3
    >
    > http://www.wilderssecurity.com/showthread.php?t=274722
    >
    > From another post:
    >
    > "As a linguist, I study and write on the theoretical aspects of
    > encryption (and all communication applications) and I provide analysis
    > of legal issues involved in the development and design of private
    > communications platforms." :0)
    >
    > I am not sure what this means but I smell manure close by :)


    It means she is an attorney who thinks she is an IT academic and is
    out soliciting business with bullshit. It'll work, other idiot
    attorneys and end users will hire her because she uses fancy words
    they assume makes her a genuine commo wizard.

    I hope she has great legs because if she doesn't, a good professional
    witness will turn her case arguments to garbage. Juries still like
    legs.
    --
    "The Toast of Buffalo! = http://tinyurl.com/2v9sjf9 Ari himself, with
    his unerring sense of what is hip, contributed a box of doughnuts
    from Famous Doughnuts, a company he owns."
    Ari Silverstein, Nov 11, 2010
    #7
  8. Ari Silverstein

    PooseyII Guest

    Re: Instantcrypt

    On Thu, 11 Nov 2010 01:28:17 -0500, Ari Silverstein wrote:

    > On Thu, 11 Nov 2010 01:19:01 -0500, PooseyII wrote:
    >
    >>>> When I suggested that none of this made any sense, he informed
    >>>> Poosey that I was incorrect.
    >>>
    >>> Assclowns like Norelli and Alan are the worst. They get a pinch of
    >>> information and think they have a bucketful of useful data. Norelli
    >>> ought to be disbarred for stupidity it that's possible.

    >>
    >> No surprises when she chooses to use Instantcrypt. Nance' pinch has
    >> inflated into a bucket. She believes she is capable of evaluating
    >> cryptography.

    >
    > Norelli is just as naive as the typical end user without having any
    > excuse other than ego and pride for being so. Wilders is full of
    > these imbeciles most average 78,234 posts. Hell, they had enough time
    > to learn about cryptography if they would have cut their post count
    > down to 55,098. lol
    >
    >> http://www.wilderssecurity.com/showpost.php?p=1776935&postcount=3
    >>
    >> http://www.wilderssecurity.com/showthread.php?t=274722
    >>
    >> From another post:
    >>
    >> "As a linguist, I study and write on the theoretical aspects of
    >> encryption (and all communication applications) and I provide analysis
    >> of legal issues involved in the development and design of private
    >> communications platforms." :0)
    >>
    >> I am not sure what this means but I smell manure close by :)

    >
    > It means she is an attorney who thinks she is an IT academic and is
    > out soliciting business with bullshit. It'll work, other idiot
    > attorneys and end users will hire her because she uses fancy words
    > they assume makes her a genuine commo wizard.
    >
    > I hope she has great legs because if she doesn't, a good professional
    > witness will turn her case arguments to garbage. Juries still like
    > legs.


    Then she had best stay a research attorney. :)
    PooseyII, Nov 11, 2010
    #8
  9. Ari Silverstein

    PooseyII Guest

    Re: Instantcrypt

    On Wed, 10 Nov 2010 21:51:24 -0500, Mr. B wrote:

    > From the website:
    >
    > "InstantCrypt cannot [because for normal secure e-mail exchange, these
    > features are not a priority]: Clearsign and make and verifiy detached
    > signature for files."
    >
    > I would say that signing and verifying represents a pretty common use case,
    > and probably more common that encrypting. Sending encrypted messages to a
    > mailing list is pointless, but people often sign messages sent to mailing
    > lists. Verifying a valid signature from a file that is being broadcast,
    > like a computer program available for download, it also pretty common.
    >
    > What worries me here is that this program is not very well documented, at
    > least not on its website. It is compatible with OpenPGP, which is certainly
    > a good thing...but beyond that, we cannot see much. What sort of keys will
    > it generate? How does it generate those keys (it does not look like it is a
    > GPLed program, so I doubt that it is using GPG as its back end)? I
    > understand that this is a program meant for beginners, but any crypto
    > program should have a certain amount of technical information available for
    > people who might want to perform some kind of evaluation (i.e. a person who
    > is knowledgeable in crypto might want to know whether or not they should
    > advise others who are less knowledgeable to use this particular program).
    >
    > Just my $0.02.
    >
    > -- B


    Good two pennies it is. :)
    PooseyII, Nov 11, 2010
    #9
  10. Ari Silverstein

    PooseyII Guest

    Re: Instantcrypt

    On Thu, 11 Nov 2010 01:28:17 -0500, Ari Silverstein wrote:

    > On Thu, 11 Nov 2010 01:19:01 -0500, PooseyII wrote:
    >
    >>>> When I suggested that none of this made any sense, he informed
    >>>> Poosey that I was incorrect.
    >>>
    >>> Assclowns like Norelli and Alan are the worst. They get a pinch of
    >>> information and think they have a bucketful of useful data. Norelli
    >>> ought to be disbarred for stupidity it that's possible.

    >>
    >> No surprises when she chooses to use Instantcrypt. Nance' pinch has
    >> inflated into a bucket. She believes she is capable of evaluating
    >> cryptography.

    >
    > Norelli is just as naive as the typical end user without having any
    > excuse other than ego and pride for being so. Wilders is full of
    > these imbeciles most average 78,234 posts. Hell, they had enough time
    > to learn about cryptography if they would have cu their post count
    > down to 55,098. lol
    >
    >> http://www.wilderssecurity.com/showpost.php?p=1776935&postcount=3
    >>
    >> http://www.wilderssecurity.com/showthread.php?t=274722
    >>
    >> From another post:
    >>
    >> "As a linguist, I study and write on the theoretical aspects of
    >> encryption (and all communication applications) and I provide analysis
    >> of legal issues involved in the development and design of private
    >> communications platforms." :0)
    >>
    >> I am not sure what this means but I smell manure close by :)

    >
    > It means she is an attorney who thinks she is an IT academic and is
    > out soliciting business with bullshit. It'll work, other idiot
    > attorneys and end users will hire her because she uses fancy words
    > they assume makes her a genuine commo wizard.
    >
    > I hope she has great legs because if she doesn't, a good professional
    > witness will turn her case arguments to garbage. Juries still like
    > legs.


    Our client out of the Miami office, the one with the Indian problem, I
    contacted nancy to see if whe was interested in repping them in the
    negotiations. Things have come unglued and since she talks like a
    toughie, I emailed her about her take on the case.

    Five, six or more swapped emails and she can't seem to figure out that
    I am laying the case in her lap. 10% is a chunk of change at this
    point.

    She did give ne one piece of sage advice.

    "Get an attorney who can help mediate this." :)

    Thanks. We did. <smashing head with palm of hand>
    PooseyII, Nov 11, 2010
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page