Firewall Wizards mailing list archives
RE: pcanywhere encryption
From: Ben.Grubin () guardent com
Date: Sat, 27 Jan 2001 12:57:59 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----Original Message-----
From: hermit1 [mailto:hermits () mac com]
Sent: Friday, January 26, 2001 12:08 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] pcanywhere encryption

I wouldn't bother people with this, except Symantec tech support claims to know nothing about how their encryption works. (Actually, they claim their product does not do encryption, it merely passes the data to Microsoft programs for encryption when appropriate. Doesn't that make you feel safe?)
It's what Microsoft's Crypto API was designed for. There is quite a selection of perfectly reasonable algorithms that plug in.
My organization is looking into ways of expanding remote access capabilities. One program we are trying is pcAnywhere from Symantec. The documentation claims there are 4 levels of encryption available:
1. None - Symantec recommends against using this
2. pcAnywhere - Symantec also recommends against using this
3. Symmetric key - recommended
4. Public key - recommended as stronger than #3. But as near as I can tell, this has the same level of encryption as #3 except you need a certificate setup to use it.
For symmetric keys, the manual states "pcAnywhere generates a unique public key and uses this key to encrypt and safely pass the symmetric key used to encrypt the session."
Precisely. My guess is #3 is just generating a public/private keypair, whereas #4 is able to utilize your existing X.509 certificates. Your certs might be more secure in that the keypairs it generates on its own might be of a low keylength.
Since there is no provision for selecting how the encrypted key gets decrypted by which client or server (there is no statement about which end of the connection generates the keys), the only conclusion I can draw is that the "unique public key" can be decrypted by ANY pcAnywhere host or client anywhere. Well, I can draw another conclusion that both the public and private keys are sent at the same time, but that procedure seems even more stupid than my first conclusion.
You don't seem to understand the nature of a public/private keypair or the pursuant exchange. The public key is not used for decryption. It is used for ENcryption of the data destined for the host that sent the key. That's why it's safe to send that key over the wire in the clear, which is precisely what happens. Each side of the connection generates a public/private keypair, and sends the public key to the other side. Now each side can use that public key to encrypt the data to the other, which possesses the matching private key.
Can anyone help out by explaining what Symantec is actually doing to set up encrypted sessions? Symantec can't explain it.
That's because the manual already did. They probably had no idea what you were asking. Software support desks are inherently for those that can't read the manual. Since you already did, you knew as much, if not more, than they did.

Cheers,
Ben

- --------------------------------------------------
Benjamin P. Grubin bgrubin () guardent com
Guardent, Inc. http://www.guardent.com
PGP Key: D33D 22C2 6552 0F6B 44E4 5254 0172 0E10
"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeros, little bits of data.. it's all just electrons."

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOnMLlCmSO0d5/rT7EQJPqwCg+UggwazBAkuMrmFtT/K46UbyF/sAoLwn
wVEV9vth51QpR75DcSiEYk9s
=hLLN
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
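The key-wrapping step quoted from the manual and explained in the reply above, as an added example that is not part of the original post and is not pcAnywhere or Microsoft Crypto API code. It assumes textbook RSA over constructed toy primes and a SHA-256 counter keystream as a stand-in symmetric cipher; all names are hypothetical, and only the host-to-client direction is shown.

```python
import hashlib

E = 65537
# Constructed toy parameters: Mersenne primes, far too small for real use.
HOST_PRIMES = (2**61 - 1, 2**89 - 1)
OTHER_PRIMES = (2**107 - 1, 2**127 - 1)

def make_keypair(p, q):
    """Textbook RSA (no padding): returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # modular inverse needs Python 3.8+

def rsa_apply(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def stream_xor(session_key, data):
    """Symmetric step: XOR with a SHA-256 counter keystream (same call both ways)."""
    key = session_key.to_bytes(16, "big")
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[block:block + 32], pad))
    return bytes(out)

def run_exchange(session_key, message):
    # Host: generates a keypair and sends only the public half in the clear.
    host_public, host_private = make_keypair(*HOST_PRIMES)
    # Client: wraps its symmetric session key with the host's public key.
    wrapped = rsa_apply(host_public, session_key)
    ciphertext = stream_xor(session_key, message)
    # Eavesdropper holds host_public and wrapped; the public key does not undo itself.
    eavesdropper = rsa_apply(host_public, wrapped)
    # An unrelated host has its own private key, which does not fit either.
    _, other_private = make_keypair(*OTHER_PRIMES)
    other_host = rsa_apply(other_private, wrapped)
    # Intended host: only its private key recovers the session key.
    unwrapped = rsa_apply(host_private, wrapped)
    return {
        "wrapped": wrapped, "eavesdropper": eavesdropper, "other_host": other_host,
        "unwrapped": unwrapped, "plaintext": stream_xor(unwrapped, ciphertext),
    }

if __name__ == "__main__":
    key = 0x00112233445566778899AABBCCDDEEFF  # constructed sample session key
    for name, value in run_exchange(key, b"constructed session data").items():
        print(name, value)
```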