Hi there,

I'd like to have our Retrospect network traffic encrypted over the wire and I see the way to do this is to check the Link Encryption box, which then means it will use "SimpleCrypt" to encrypt the data.

SimpleCrypt is described as:

SimpleCrypt uses a proprietary Vernam cipher with cipher-block chaining and was designed to be both fast and secure. It provides commercial-level security without appreciably slowing the backup process on all but the slowest computers. SimpleCrypt is more than adequate for the vast majority of users' requirements.

.. but that's it.

Can anyone provide more information about this? What analysis has been done on this? I'm reluctant to trust an encryption mechanism with so little information. What's wrong with using an established, well-tested cipher? Or at least provide it as an option.

Toby Blake

University of Edinburgh


Keep in mind, methods like DES are documented and "cracked", while SimpleCrypt is Retrospect only.

The user-entered password is processed into one of 4,000,000,000 possible 4096-bit encryption keys. SimpleCrypt is designed to provide commercial-level security without appreciably slowing the backup process on all but the slowest computers. It is more than adequate for the vast majority of users' requirements.


Hi there,

Firstly, thanks for your reply. I hope you'll continue to discuss this with me. I put your statement to our network security expert and here is his reply (or at least the printable parts of it):

"
1) Good encryption algorithms do not rely on the algorithm being hidden. On the contrary they are just as strong when published, and more trusted because they've been well analysed. The strength lies in the key.

2) DES has a keyspace size of 2^56, which is considerably larger than their 4*10^9. The latter is easily within brute-force capability.

3) That they understand so little of the principles of cryptography does not bode well for the strength of their algorithm. There are lots of ways in which to go wrong, even for the expert, thereby rendering the algorithm worthless.

4) ...

There are quite a few good web pages around on the subject. The snake-oil FAQ is one. Lots of Bruce Schneier's CryptoGram newsletters cover the subject too -- for example . I could go on, but I doubt if it's worth the effort. The bottom line is, you might as well regard their product as vaguely useful obfuscation if it doesn't impose too much of a load, or pointless if it does.
"

Thanks

Toby


  • 1 year later...

I just stumbled upon this old message and noticed...

Quote:
DES has a keyspace size of 2^56, which is considerably larger than their 4*10^9.

Looks like your network security expert misread what was written above. 4096 bits is a lot bigger number than 4*10^9. That number refers to the number of keys, not the key length.

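A worked comparison of the two keyspaces discussed in the previous two posts, added here as an illustration and not part of any poster's text. It uses only the figures quoted in the thread (4,000,000,000 reachable 4096-bit keys, and DES's 2^56 keys); the trial rate of 10^9 keys per second is an assumed figure for illustration only.

The two numbers measure different things: 4096 bits is the length of each key, while $4 \times 10^9$ is how many distinct keys the password step can produce. For exhaustive search only the second matters, because an attacker need only try the keys that can actually be derived, not all $2^{4096}$ bit patterns:

$$
\log_2\!\left(4 \times 10^9\right) \approx 31.9, \qquad \text{so the reachable keyspace is} \approx 2^{32}.
$$

Relative to DES:

$$
\frac{2^{56}}{2^{32}} = 2^{24} \approx 1.7 \times 10^7,
$$

i.e. DES's keyspace is roughly 17 million times larger. At an assumed rate of $10^9$ trial keys per second:

$$
\frac{2^{32}}{10^9\ \mathrm{s^{-1}}} \approx 4.3\ \mathrm{s}, \qquad
\frac{2^{56}}{10^9\ \mathrm{s^{-1}}} \approx 7.2 \times 10^7\ \mathrm{s} \approx 2.3\ \text{years}.
$$

So the effective strength of a password-derived key is bounded by $\log_2$ of the number of keys the derivation can reach, regardless of how long each key is.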

  • 2 weeks later...

The main advantage of SimpleCrypt is that it is very fast, even on old hardware. It will not resist a sophisticated attacker, but it is sufficiently secure to keep out the riff-raff. Think of it as a common pin-and-tumbler lock. A good locksmith can pick the lock. That doesn't mean that the lock has no value.


  • 9 months later...

Hi,

A bit late to the fray, but I'd like to add that Retrospect is intended to run within a LAN, not over the internet. If there is a risk of data being gleaned from within your own network, you have more serious problems than Retro's transfer encryption.

However, I agree that a publicly proven encryption scheme would be nice as an alternative.
