Gentoo Archives: gentoo-user

From: Chris Walters <cjw2004d@×××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] loop-aes + extra-ciphers...
Date: Wed, 25 Jun 2008 20:25:30
Message-Id: 4862A9AE.1030909@comcast.net
In Reply to: Re: [gentoo-user] loop-aes + extra-ciphers... by Sebastian Wiesner
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA512
3
4 Sebastian Wiesner wrote:
5 | Chris Walters <cjw2004d@×××××××.net> at Wednesday 25 June 2008, 17:14:20
6 |
7 |> | Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2],
8 |> | etc) can break those algorithms relatively easy. On the other hand even
9 |> | weaker algorithms can protect your data against laptop thieves.
10 |
11 | You had better used the acronym FUD instead of the word "rumor". US
12 | government itself has declared Rijndael 256 sufficient for classified
13 | information up to top secret. This level of security is shared among all
14 | AES finalists like RC6 or Serpent.
15 |
16 |> That's more than a rumor. Another three letter agency (NSA) has networks
17 |> of supercomputers that can brute force a passphrase is little time.
18 |
19 | Bruteforcing a _passphrase_ is not the same as bruteforcing a key. An both
20 | of these don't have nothing to do with the algorithm itself. They are
21 | side-attacks ... a weak passphrase is user idiocity, not a cipher
22 | weakness.
23 |
24 |> It is not that I'm terribly paranoid about people getting my data, I just
25 |> want to make it a little harder.
26 |
27 | What's the point in making the impossible even harder?
28 |
29 |> Of course, it is always possible to insert code that will send the
30 |> unencrypted data, once you've logged on - not easy for the casual user,
31 |> but for the guru, an easy thing.
32 |
33 | That's operating system security and has nothing to do with cryptology.
34 | Someone having only your hard disk can't inject a rootkit into the system.
35
36 Are you a cryptology expert? By the way, nothing is impossible. The only
37 thing that cryptography attempts to do is reduce the **probability** of
38 cracking the key and gaining access to the data as low as possible.
39
40 As for brute forcing a passphrase: Since most implementations of AES
41 (Rijndael) use a hash of the passphrase to form the key, it amounts to the same
42 thing, in practice, as cracking the key.
43
44 Cryptology is, at least partly about finding the weakest link, because that is
45 what is likely to be attacked in any cryptosystem. If the weakest link is
46 system security or a weak passphrase, then that weakness translates to a
47 weakness in anything encrypted in such an environment.
48
49 The US Government only keeps classified information on non-networked computers
50 in secure environments, so the cipher used does not matter as much as the other
51 security measures taken to ensure that the data does not fall into the wrong hands.
52
53 A final thought: It is a fact that both the US Navy and the NSA are *very*
54 interested in cryptology and data security. The NSA also does have large
55 networks of supercomputers that, using parallel, distributed or concurrent
56 computing principles can crack keys more quickly than you may think.
57
58 Regards,
59 Chris
60 -----BEGIN PGP SIGNATURE-----
61
62 iQIcBAEBCgAGBQJIYqmqAAoJEIAhA8M9p9DAIo8P/A17VwmkVsscVgfFzpCVDQbw
63 69WHMmoUvn5GasVRiM2JUi2UeEDpzCuLNxYlQglFWhyvsbplV3aiJmtzVdbEitsK
64 hpf7Jt0wNvzi25Cye/j2DJlkGh7PTGRCkrMkoirgg+JTSFC21TzAnJZSUQH3Zhv8
65 Inb1C53jl8/RV1KTdPOX2W/hNo1VCPfpFnhxhad8fzj59pM1UwMVktwAQtO1JmOW
66 fQm3/mSbeLyr0L5ZKPlc5shao/QVZ7Zo9xTDU8PFrBCmmt93MODGdbaOY7IsCmsl
67 6vWfWi1suV1a9ptPpU9ohn7YZtHlEboRMb4/mHCsj46SsI9cOo1KVLpqfiQZxd1t
68 U1niZU8Cb67+cvEDcQ/q1eIGDMza01NR8UxtF66vHB8WrGKpLYs+ckHqJg9+hgF5
69 nUiY2RHeyNd3lh4vUWCY15Kh9OfK/LlL9IvGZV2Vpc066aa/EfC3AyiSSc+cMMx9
70 r4GQijL3wfKaDY9OUh6hJZcSZpBNTZezQ1sNZNMOm0TgDLGtJNMv5ltHjtZnxmbC
71 Fus0IRrQVYvXT8ADZW80Ic256RWtUvn73WjBevYswa2T/Oc3o/NWc2sMrxEg8FVs
72 a7nCa4ErSKIWRbMHTuTZLO3l6+XXjXm0sHk0qQ4JfFNkoV4gyMZq36HelAb2GsRu
73 7NJKaZIXlOCuNiYByLfp
74 =wp+F
75 -----END PGP SIGNATURE-----
76 --
77 gentoo-user@l.g.o mailing list

Replies

Subject Author
Re: [gentoo-user] loop-aes + extra-ciphers... Sebastian Wiesner <basti.wiesner@×××.net>