1 |
Chris Walters <cjw2004d@×××××××.net> at Wednesday 25 June 2008, 17:14:20 |
2 |
|
3 |
> | Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2], |
4 |
> | etc) can break those algorithms relatively easy. On the other hand even |
5 |
> | weaker algorithms can protect your data against laptop thieves. |
6 |
|
7 |
You had better used the acronym FUD instead of the word "rumor". US |
8 |
government itself has declared Rijndael 256 sufficient for classified |
9 |
information up to top secret. This level of security is shared among all |
10 |
AES finalists like RC6 or Serpent. |
11 |
|
12 |
> That's more than a rumor. Another three letter agency (NSA) has networks |
13 |
> of supercomputers that can brute force a passphrase is little time. |
14 |
|
15 |
Bruteforcing a _passphrase_ is not the same as bruteforcing a key. An both |
16 |
of these don't have nothing to do with the algorithm itself. They are |
17 |
side-attacks ... a weak passphrase is user idiocity, not a cipher |
18 |
weakness. |
19 |
|
20 |
> It is not that I'm terribly paranoid about people getting my data, I just |
21 |
> want to make it a little harder. |
22 |
|
23 |
What's the point in making the impossible even harder? |
24 |
|
25 |
> Of course, it is always possible to insert code that will send the |
26 |
> unencrypted data, once you've logged on - not easy for the casual user, |
27 |
> but for the guru, an easy thing. |
28 |
|
29 |
That's operating system security and has nothing to do with cryptology. |
30 |
Someone having only your hard disk can't inject a rootkit into the system. |
31 |
|
32 |
-- |
33 |
Freedom is always the freedom of dissenters. |
34 |
(Rosa Luxemburg) |