Michael Green's 'How To' Forum
Best Encryption Practices
Posted By: Tom Brownsword In Response To: eBook Pro disabling features FRIGHTENS me! (Justone Seng)
Date: Thursday, 5 May 2005, at 1:58 a.m.
I'm sure that a crack exists for eBook Pro, and if I weren't intent on writing a paper, I'd take the time to find it.
This was taken from the first Google entry (I didn't click on the link) when I searched for "eBook Pro crack":
"...files are encrypted with a custom-built algorithm that is virtually impossible to crack..."
As a computer security professional and graduate student working on a degree in Information Assurance, I have learned that one of the things that make encryption strong is subjecting the algorithm that does the encrypting to peer review. The current industry encryption standards, which include triple DES and AES, are based on publicly available algorithms that thousands of people have examined. There's nothing secret about the algorithms; what makes an encryption solution "virtually impossible to crack" is how the algorithm is applied to the plaintext to produce the ciphertext -- not the secrecy of the algorithm that produced the ciphertext.
In short, no self-respecting computer security professional would ever recommend that a client entrust their most important secrets to a proprietary encryption algorithm that has not been subject to extensive peer review and attempts to crack it.
You would be better off to alter your business plan to ensure a continued cash flow via some other means than a product like eBook Pro, but that has to be an individual decision. I'll leave it to others with more experience in this area to give ideas on other ways to create cash flow, but if you delight your customers the first time they buy, you stand a better chance of multiple repeat sales.
And I don't blame you for not wanting to purchase an eBook that "phones home" to see if the license holder is still allowed to view it. Suppose I had purchased such a book and relied upon daily availability of that eBook to run my business. Well, today is the first time I've had Internet access in a month, and if the software decided two weeks ago that it would not give me access until it "phoned home", I would be more than upset -- I would have lost two weeks' worth of business, revenue, customer goodwill... In short, such actions take access away from an authorized user, which breaks the Availability aspect of computer security (the others are integrity and confidentiality) -- and if you lose availability, you have failed in your attempts to provide computer security.
In summary, don't rely on anything "proprietary" to protect your intellectual property, and any protection product that denies access to legitimate users violates basic computer security principles. And it never hurts to be a little paranoid when it comes to computer security.
Thanks for listening,
Tom
How To Forum is maintained by HowToCorp with WebBBS 5.12.