[Glade-users] Create Directory browser instead of File browser


Yes it has definitely cleared my doubts. Thnka for it. I am now going thr=
ouch the book on "Applied Cryptography". Thanks for the help. =

I am currently creating a windows-style setup for my project; but I am st=
uck in the part of a directory browser. I want a directory browser instea=
d of a file browser. The fileselection dialog does not have features to m=
ake invisible the files. please suggest what i should do.


On Thu, 06 Sep 2001 James Cameron wrote :
Shivdeep Krishnan wrote:
Thanks for the immediate reply.

It was mid-afternoon for me in outback Australia.

I am still unclear as to how open sourcing will =

prevent cracks. As far
our program is concerned, we have encryption =

algorithms inside the
program that forms a middle layer between the =

application and the

Open source will not help you if your encryption =

algorithms are designed
badly.  If the encryption algorithms are weak, then =

knowledge of the
algorithms can be used to attack them.  Strong =

algorithms cannot be
attacked by reverse engineering, they can only be =

attacked by brute

Example of a (very) weak algorithm:

      for(i=3D0;i<length;i++) buffer[i] =3D buffer[i] ^ 0x45

XOR each byte with a constant bit mask.  Knowledge of =

this code makes
the encryption worthless.  This is not good.  Then =

again, just looking
at the byte stream statistically can easily break such =


If you are using weak algorithms at all, and shipping =

the binary
executable to customers, it is quite easy to find the =

code that manages
the encryption.  Many companies have tried that, =

expecting the lack of
source code to be the primary barrier, but it has =

proven to be false
security.  Terms and conditions that prohibit reverse =

engineering are
also worthless, because the black hats don't obey laws =


Use strong algorithms, such as RSA with private and =

public key pairs. =

So long as the private keys are secure and under your =

direct control,
security is good.  There are patent-free strong =

algorithms available, as
used by products like OpenSSL.  Revealing the source =

code for strong
algorithms is a safe thing to do.

It is really up to you whether you want your product to =

be open source,
but you cannot use the excuse "won't knowledge of the =

source violate the
security of the encryption algorithms?", because =

evidence so far has
shown this to be false.

I'm not qualified to analyse your encryption =

algorithms.  You should
have them formally reviewed by a software engineer who =

specialises in
encryption.  Software engineers have often written =

encryption algorithms
that have ended up being insecure.

I hope this helps.

-- =

James Cameron


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]