[Glade-users] Create Directory browser instead of File browser
Shivdeep Krishnan
kshivdeep@rediffmail.com
6 Sep 2001 12:32:39 -0000
Hi,
Yes, it has definitely cleared my doubts. Thanks for it. I am now going
through the book on "Applied Cryptography". Thanks for the help.
I am currently creating a windows-style setup for my project; but I am
stuck in the part of a directory browser. I want a directory browser
instead of a file browser. The fileselection dialog does not have features
to make the files invisible. Please suggest what I should do.
Regards,
Shivdeep
On Thu, 06 Sep 2001 James Cameron wrote :
>Shivdeep Krishnan wrote:
>> Thanks for the immediate reply.
>
>It was mid-afternoon for me in outback Australia.
>
>> I am still unclear as to how open sourcing will prevent cracks. As far
>> our program is concerned, we have encryption algorithms inside the
>> program that forms a middle layer between the application and the
>> database/file.
>
>Open source will not help you if your encryption algorithms are designed
>badly. If the encryption algorithms are weak, then knowledge of the
>algorithms can be used to attack them. Strong algorithms cannot be
>attacked by reverse engineering, they can only be attacked by brute
>force.
>
>Example of a (very) weak algorithm:
>
> for(i=0;i<length;i++) buffer[i] = buffer[i] ^ 0x45;
>
>XOR each byte with a constant bit mask. Knowledge of this code makes
>the encryption worthless. This is not good. Then again, just looking
>at the byte stream statistically can easily break such encryption.
>
>If you are using weak algorithms at all, and shipping the binary
>executable to customers, it is quite easy to find the code that manages
>the encryption. Many companies have tried that, expecting the lack of
>source code to be the primary barrier, but it has proven to be false
>security. Terms and conditions that prohibit reverse engineering are
>also worthless, because the black hats don't obey laws anyway.
>
>Use strong algorithms, such as RSA with private and public key pairs.
>So long as the private keys are secure and under your direct control,
>security is good. There are patent-free strong algorithms available, as
>used by products like OpenSSL. Revealing the source code for strong
>algorithms is a safe thing to do.
>
>It is really up to you whether you want your product to be open source,
>but you cannot use the excuse "won't knowledge of the source violate the
>security of the encryption algorithms?", because evidence so far has
>shown this to be false.
>
>I'm not qualified to analyse your encryption algorithms. You should
>have them formally reviewed by a software engineer who specialises in
>encryption. Software engineers have often written encryption algorithms
>that have ended up being insecure.
>
>I hope this helps.
>
>-- 
>James Cameron
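
The statistical break mentioned in the quoted reply, as an added example that is not code from either message: it assumes the plaintext is English text, tries all 256 masks against the constant-XOR loop, and keeps the one whose output looks most like text. The names `xor_mask`, `english_score`, `recover_mask` and `demo`, the scoring weights, and the sample record are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* The loop from the quoted message: XOR every byte with one constant mask. */
static void xor_mask(unsigned char *buf, size_t length, unsigned char mask)
{
    for (size_t i = 0; i < length; i++)
        buf[i] ^= mask;
}

/* Score how much one byte looks like English text (assumed plaintext type). */
static int english_score(unsigned char c)
{
    if (c == ' ')   return 3;
    if (isalpha(c)) return 1;
    if (isprint(c) || c == '\n') return 0;
    return -5;                        /* control or high-bit byte */
}

/* Try all 256 masks; return the one whose decrypted output scores best. */
unsigned char recover_mask(const unsigned char *ct, size_t length)
{
    long best_score = -5L * (long)length - 1;   /* below any reachable score */
    unsigned char best = 0;
    for (int k = 0; k < 256; k++) {
        long score = 0;
        for (size_t i = 0; i < length; i++)
            score += english_score((unsigned char)(ct[i] ^ k));
        if (score > best_score) { best_score = score; best = (unsigned char)k; }
    }
    return best;
}

/* Constructed sample record: mask it, then recover the mask from ciphertext. */
unsigned char demo(unsigned char mask)
{
    unsigned char buf[] = "customer record: name, address and account balance "
                          "kept by the middle layer between application and database";
    size_t n = sizeof buf - 1;        /* exclude the terminating NUL */
    xor_mask(buf, n, mask);
    return recover_mask(buf, n);      /* sees only the ciphertext */
}

int main(void)
{
    printf("recovered mask: 0x%02x\n", demo(0x45));
    return 0;
}
```

The recovery needs neither the source nor the binary, only a few dozen bytes of ciphertext, which is why hiding the loop adds nothing.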