[Glade-users] Create Directory browser instead of File browser

Shivdeep Krishnan kshivdeep@rediffmail.com
6 Sep 2001 12:32:39 -0000


Hi,

Yes it has definitely cleared my doubts. Thanks for it. I am now going through the book on "Applied Cryptography". Thanks for the help.


I am currently creating a windows-style setup for my project; but I am stuck in the part of a directory browser. I want a directory browser instead of a file browser. The fileselection dialog does not have features to make the files invisible. Please suggest what I should do.

Regards,
Shivdeep

On Thu, 06 Sep 2001 James Cameron wrote :
>Shivdeep Krishnan wrote:
>> Thanks for the immediate reply.
>
>It was mid-afternoon for me in outback Australia.
>
>> I am still unclear as to how open sourcing will prevent cracks. As far
>> as our program is concerned, we have encryption algorithms inside the
>> program that forms a middle layer between the application and the
>> database/file.
>
>Open source will not help you if your encryption algorithms are designed
>badly.  If the encryption algorithms are weak, then knowledge of the
>algorithms can be used to attack them.  Strong algorithms cannot be
>attacked by reverse engineering, they can only be attacked by brute
>force.
>
>Example of a (very) weak algorithm:
>
>	for(i=0;i<length;i++) buffer[i] = buffer[i] ^ 0x45;
>
>XOR each byte with a constant bit mask.  Knowledge of this code makes
>the encryption worthless.  This is not good.  Then again, just looking
>at the byte stream statistically can easily break such encryption.
>
>If you are using weak algorithms at all, and shipping the binary
>executable to customers, it is quite easy to find the code that manages
>the encryption.  Many companies have tried that, expecting the lack of
>source code to be the primary barrier, but it has proven to be false
>security.  Terms and conditions that prohibit reverse engineering are
>also worthless, because the black hats don't obey laws anyway.
>
>Use strong algorithms, such as RSA with private and public key pairs.
>So long as the private keys are secure and under your direct control,
>security is good.  There are patent-free strong algorithms available, as
>used by products like OpenSSL.  Revealing the source code for strong
>algorithms is a safe thing to do.
>
>It is really up to you whether you want your product to be open source,
>but you cannot use the excuse "won't knowledge of the source violate the
>security of the encryption algorithms?", because evidence so far has
>shown this to be false.
>
>I'm not qualified to analyse your encryption algorithms.  You should
>have them formally reviewed by a software engineer who specialises in
>encryption.  Software engineers have often written encryption algorithms
>that have ended up being insecure.
>
>I hope this helps.
>
>-- 
>James Cameron
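
Added example, not part of the original thread or of either poster's code: the statistical weakness described above for the constant-mask XOR loop, shown in C by recovering the mask from the ciphertext alone. The function names and the sample plaintext are constructed for illustration, and the scoring assumes the protected data is English text.

```c
#include <stdio.h>
#include <string.h>

/* The scheme from the quoted message: XOR every byte with one constant mask. */
static void xor_mask(unsigned char *buffer, size_t length, unsigned char mask)
{
    for (size_t i = 0; i < length; i++)
        buffer[i] ^= mask;
}

/* Score how much a candidate decryption looks like English text. */
static long score_text(const unsigned char *buf, size_t len, unsigned char mask)
{
    long score = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = buf[i] ^ mask;
        if (c == ' ')
            score += 3;                 /* most common byte in prose */
        else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'))
            score += 2;
        else if (c < 0x20 || c > 0x7e)
            score -= 5;                 /* unprintable, so unlikely to be text */
    }
    return score;
}

/* The whole key space is 256 values: try each and keep the best-scoring one. */
unsigned char recover_mask(const unsigned char *buf, size_t len)
{
    unsigned char best = 0;
    long best_score = score_text(buf, len, 0);
    for (int m = 1; m < 256; m++) {
        long s = score_text(buf, len, (unsigned char)m);
        if (s > best_score) { best_score = s; best = (unsigned char)m; }
    }
    return best;
}

/* Constructed sample: mask a record with 0x45, then recover the mask blind. */
unsigned char demo(void)
{
    unsigned char msg[] = "customer record: the quick brown fox jumps over the lazy dog";
    size_t len = strlen((char *)msg);
    xor_mask(msg, len, 0x45);
    return recover_mask(msg, len);
}

int main(void) { printf("recovered mask: 0x%02x\n", demo()); return 0; }
```

The result does not depend on knowing the source: keeping the loop secret adds nothing once the output is visible, which is the argument for a reviewed algorithm with a properly managed key.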

