| 1 |
Chris Walters <cjw2004d@×××××××.net> at Wednesday 25 June 2008, 17:14:20 |
| 2 |
|
| 3 |
> | Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2], |
| 4 |
> | etc) can break those algorithms relatively easy. On the other hand even |
| 5 |
> | weaker algorithms can protect your data against laptop thieves. |
| 6 |
|
| 7 |
You had better used the acronym FUD instead of the word "rumor". US |
| 8 |
government itself has declared Rijndael 256 sufficient for classified |
| 9 |
information up to top secret. This level of security is shared among all |
| 10 |
AES finalists like RC6 or Serpent. |
| 11 |
|
| 12 |
> That's more than a rumor. Another three letter agency (NSA) has networks |
| 13 |
> of supercomputers that can brute force a passphrase is little time. |
| 14 |
|
| 15 |
Bruteforcing a _passphrase_ is not the same as bruteforcing a key. An both |
| 16 |
of these don't have nothing to do with the algorithm itself. They are |
| 17 |
side-attacks ... a weak passphrase is user idiocity, not a cipher |
| 18 |
weakness. |
| 19 |
|
| 20 |
> It is not that I'm terribly paranoid about people getting my data, I just |
| 21 |
> want to make it a little harder. |
| 22 |
|
| 23 |
What's the point in making the impossible even harder? |
| 24 |
|
| 25 |
> Of course, it is always possible to insert code that will send the |
| 26 |
> unencrypted data, once you've logged on - not easy for the casual user, |
| 27 |
> but for the guru, an easy thing. |
| 28 |
|
| 29 |
That's operating system security and has nothing to do with cryptology. |
| 30 |
Someone having only your hard disk can't inject a rootkit into the system. |
| 31 |
|
| 32 |
-- |
| 33 |
Freedom is always the freedom of dissenters. |
| 34 |
(Rosa Luxemburg) |
Archives