[Glade-users] Create Directory browser instead of File browser

[kshivdeep rediffmail com (Shivdeep Krishnan)]

Hi,

Yes it has definitely cleared my doubts. Thnka for it. I am now going thr=
ouch the book on "Applied Cryptography". Thanks for the help. =


I am currently creating a windows-style setup for my project; but I am st=
uck in the part of a directory browser. I want a directory browser instea=
d of a file browser. The fileselection dialog does not have features to m=
ake invisible the files. please suggest what i should do.

Regards,
Shivdeep

On Thu, 06 Sep 2001 James Cameron wrote :
> Shivdeep Krishnan wrote:
> > Thanks for the immediate reply.
>
> It was mid-afternoon for me in outback Australia.
>
> > I am still unclear as to how open sourcing will =

> prevent cracks. As far
> > our program is concerned, we have encryption =

> algorithms inside the
> > program that forms a middle layer between the =

> application and the
> > database/file.
>
> Open source will not help you if your encryption =

> algorithms are designed
> badly.  If the encryption algorithms are weak, then =

> knowledge of the
> algorithms can be used to attack them.  Strong =

> algorithms cannot be
> attacked by reverse engineering, they can only be =

> attacked by brute
> force.
>
> Example of a (very) weak algorithm:
>
>       for(i=3D0;i<length;i++) buffer[i] =3D buffer[i] ^ 0x45
>
> XOR each byte with a constant bit mask.  Knowledge of =

> this code makes
> the encryption worthless.  This is not good.  Then =

> again, just looking
> at the byte stream statistically can easily break such =

> encryption.
>
> If you are using weak algorithms at all, and shipping =

> the binary
> executable to customers, it is quite easy to find the =

> code that manages
> the encryption.  Many companies have tried that, =

> expecting the lack of
> source code to be the primary barrier, but it has =

> proven to be false
> security.  Terms and conditions that prohibit reverse =

> engineering are
> also worthless, because the black hats don't obey laws =

> anyway.
>
> Use strong algorithms, such as RSA with private and =

> public key pairs. =

> So long as the private keys are secure and under your =

> direct control,
> security is good.  There are patent-free strong =

> algorithms available, as
> used by products like OpenSSL.  Revealing the source =

> code for strong
> algorithms is a safe thing to do.
>
> It is really up to you whether you want your product to =

> be open source,
> but you cannot use the excuse "won't knowledge of the =

> source violate the
> security of the encryption algorithms?", because =

> evidence so far has
> shown this to be false.
>
> I'm not qualified to analyse your encryption =

> algorithms.  You should
> have them formally reviewed by a software engineer who =

> specialises in
> encryption.  Software engineers have often written =

> encryption algorithms
> that have ended up being insecure.
>
> I hope this helps.
>
> -- =

> James Cameron


 =