Development: progress and thougts

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

DonationCoder.com Software > fSekrit

<< < (3/4) > >>

f0dder:
Now you are the original author of FSekrit - A fine program indeed - But are you really willing to go through all the legal crap if somebody learned enough from your code to get ahead?-Stoic Joker (August 22, 2010, 08:52 AM)
--- End quote ---
An interesting question, really. And the answer is probably no - I don't have the time nor money to do that.

fSekrit is a pretty small app, and I doubt it'd be easy for people to rip it off and sell it - yes, a lot of people are sheeple, but still. It'd hurt to see other people profit from my work, but on the other hand I think there's a lot of value in having the source code open; people tend to trust encryption application a bit more when they can verify there are no back doors :)

panzer:
For paranoid users:

Add possibility to encrypt with Serpent algorithm (it is apparently even more secure than AES, but slower and more difficult to implement)

and

implement 2-pass encryption mode: pass 1 Serpent, pass 2 AES

Just kidding. FSekrit is good enough as it is. :)

For those who need Serpent or some other algorithm (or 2-pass encryption mode), there is ClipSecure (http://sourceforge.net/projects/clipsecure/). You can mix 5 chaining modes, 6 hash types, and 7 algorithms to find your ideal security formula.

f0dder:
Alternate encryption algorithms isn't something I've planned on implementing in fSekrit, at least not before every other ToDo item has been fixed.

Why? Because I find it extremely unlikely we're going to see Rijndael broken... at least to the level where it's breakable by anybody but the largest criminal gangs or governments (tomato/tomato, I guess). And if those people are after you, they've already gut rubber hose cryptography, which breaks just about anything available today.

Alternative crypt algos will add several kilobytes to the executable, while fSekrit's primary goal after security was to keep things simple & slim. And I can't help ponder that if one of the major block ciphers was severely broken, wouldn't that mean advances in maths/quantum computing/whatever that would also deliver serious blows against the other contenders, considering they're (AFAIK) similarly structured?

This is a fine point in favor of opensourcing, btw - to let other people work on adding new algorithms ;). I'd probably accept such changes into the main distribution, if the patches allowed for easily building versions with/without the extra algorithms, so the main/baseline executable can be kept slim.

panzer:
1. Please make an option to save files but without lock icon (Windows shouldn't recognize it) and that it wouldn't be self-extracting exe. It should be accessed only throught FSekrit menu Open file.

Why?

Let say I live in a country with a represive regime. I get a visit from a policeman (not stupid, but not bright either). He checks my comp. He then finds files with lock icon. He doesn't know what are they so he double clicks on it. A window opens requiring from him a password. Just because I have password protected files it could cost me my freedom i.e. I could go to jail or they would torture me until I would tell them the password.

Truecrypt and Dscrypt are great because files are recognized as unrecognizable (you have to make that in Options), by double clicking on them you will get a window asking you Which programm should I use to open it. If that policeman asks you what is this unrecognizable file, you can just say It is just a leftover from a messy uninstalation. He can't tell for sure it is a encrypted file.

Weird scenario, but self-extracting exe files are not great idea for all users.

Does this make any sense?

2. When you save file as read only, you are not allowed to save it once more to some other location for backup (if you mistakenly delete it) - the options remain grey. Why is that? By normal saving, you can save the same text multiple times without fuss.

Have a nice day!

f0dder:
#1: I actually do plan on supporting fSekrit "documents" without the executable prepended - but it's not not going to be 100% anonymous, since (contrary to how e.g. TrueCrypt works) the fSekrit documents have a file header. But if you don't set up a file association, you won't get the icon and double-click behavior. It's on my ToDo list.

#2: different people are asking for different things wrt. how read-only should work. You can always manually copy the .exe file from explorer, or copy/paste text into a new document, or use the export functionality :)

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version