Sebastian Wiesner wrote:
| Chris Walters <cjw2004d@×××××××.net> at Wednesday 25 June 2008, 17:14:20
|
|> | Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2],
|> | etc) can break those algorithms relatively easily. On the other hand even
|> | weaker algorithms can protect your data against laptop thieves.
|
| You had better used the acronym FUD instead of the word "rumor". US
| government itself has declared Rijndael 256 sufficient for classified
| information up to top secret. This level of security is shared among all
| AES finalists like RC6 or Serpent.
|
|> That's more than a rumor. Another three letter agency (NSA) has networks
|> of supercomputers that can brute force a passphrase in little time.
|
| Bruteforcing a _passphrase_ is not the same as bruteforcing a key. And both
| of these don't have anything to do with the algorithm itself. They are
| side-attacks ... a weak passphrase is user idiocy, not a cipher
| weakness.
|
|> It is not that I'm terribly paranoid about people getting my data, I just
|> want to make it a little harder.
|
| What's the point in making the impossible even harder?
|
|> Of course, it is always possible to insert code that will send the
|> unencrypted data, once you've logged on - not easy for the casual user,
|> but for the guru, an easy thing.
|
| That's operating system security and has nothing to do with cryptology.
| Someone having only your hard disk can't inject a rootkit into the system.

Are you a cryptology expert? By the way, nothing is impossible. The only
thing that cryptography attempts to do is reduce the **probability** of
cracking the key and gaining access to the data as low as possible.

As for brute forcing a passphrase: Since most implementations of AES
(Rijndael) use a hash of the passphrase to form the key, it amounts to the same
thing, in practice, as cracking the key.

Cryptology is, at least partly, about finding the weakest link, because that is
what is likely to be attacked in any cryptosystem. If the weakest link is
system security or a weak passphrase, then that weakness translates to a
weakness in anything encrypted in such an environment.

The US Government only keeps classified information on non-networked computers
in secure environments, so the cipher used does not matter as much as the other
security measures taken to ensure that the data does not fall into the wrong hands.

A final thought: It is a fact that both the US Navy and the NSA are *very*
interested in cryptology and data security. The NSA also does have large
networks of supercomputers that, using parallel, distributed or concurrent
computing principles can crack keys more quickly than you may think.

Regards,
Chris
--
gentoo-user@l.g.o mailing list
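
Added example, not part of the original message: the thread turns on the difference between searching a passphrase space and searching a 256-bit key space when the key is derived from the passphrase, and this Python block works that comparison through for a single unsalted hash and for a salted, iterated derivation (PBKDF2). The guess rate, the sample passphrase policies and all function names are assumptions chosen for illustration.

```python
import hashlib
import math

KEY_BITS = 256                  # AES-256 key size
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SEC = 1e12  # hypothetical attacker rate, not a measured figure

def key_from_hash(passphrase: str) -> bytes:
    """One unsalted hash of the passphrase used directly as the cipher key."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()

def key_from_pbkdf2(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Salted, iterated derivation: every guess costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=KEY_BITS // 8)

def passphrase_bits(alphabet_size: int, length: int) -> float:
    """Upper bound: entropy of a uniformly random passphrase."""
    return length * math.log2(alphabet_size)

def effective_bits(alphabet_size: int, length: int, iterations: int = 1) -> float:
    """Search work in bits of hash operations; never more than the key space."""
    work = passphrase_bits(alphabet_size, length) + math.log2(iterations)
    return min(work, float(KEY_BITS))

def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SEC) -> float:
    """Time to try every candidate at the assumed rate."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    cases = [  # constructed sample passphrase policies
        ("8 lowercase letters, single hash", 26, 8, 1),
        ("8 lowercase letters, PBKDF2 x 2^20", 26, 8, 2 ** 20),
        ("6 random words from a 7776-word list, single hash", 7776, 6, 1),
        ("random 256-bit key", 2, 256, 1),
    ]
    for label, alphabet, length, iters in cases:
        bits = effective_bits(alphabet, length, iters)
        print(f"{label:52s} {bits:6.1f} bits  {years_to_exhaust(bits):.3g} years")
```

The figures are upper bounds for uniformly random passphrases; human-chosen passphrases carry less entropy than the alphabet and length suggest.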