| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Jun 2010 13:40:31 +0000 From: "Thor (Hammer of God)" <Thor@...merofgod.com> To: "stuart@...erdelix.net" <stuart@...erdelix.net>, "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Introducing TGP... Ancient crypto? You really have no effing clue, do you? But, as I asked, thanks for your feedback. Secondly, that's NOT too small to be a scan of my passport since that is EXACTLY what that is. Regardless, please feel free to post some actual details about issues with the "ancient" crypto and any other technical observances. In fact, why not start cracking it now and let us know what you come up with? IOW, do something that would actually be useful rather than sit around and bitch about viruses all day? t >-----Original Message----- >From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure- >bounces@...ts.grok.org.uk] On Behalf Of lsi >Sent: Monday, June 14, 2010 3:48 AM >To: full-disclosure@...ts.grok.org.uk >Subject: Re: [Full-disclosure] Introducing TGP... > >On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote: > >> >> create a private key with a strong password, post that, and then, >> >> say, encrypt a scan of your passport and post that. >> > >> >So, I think this is a dumb idea... :) >> > >> >You might think your crypto is secure right now, but in 5 years there >> >might be a big hole in it. If copies of your passport are floating >> >about on the net, you can't even delete them, and certainly cannot >> >prevent anyone using the new crack against your old crypto. >> >> Of course you think it's a dumb idea. But according to you, in 3 >> years, all the computers in the world will screech to a grinding halt >> because of what Symantec says are "new threats." How can anyone use >> the "new crack" when they can't turn their computers on? > >No, only Windows machines will be grinding to a halt. OTOH, my sleek unix >boxen will be whizzing along nicely.... just waiting for some interesting work to >do, such as cracking some files protected by ancient crypto. > >Even if nobody finds a weakness in the algorithm you used, 5 years from now I >will probably have enough spare CPU to brute-force it using my mobile >phone.... > >If you were posting docs with a shorter shelf-life there would be less danger. >But a passport is always useful.... > >> >If, of course you think I'm speaking tripe, go ahead and post it... >> >> Here it is! Go nuts. > >That's too small to be a passport scan. > >> Timothy has developed and implemented networking and application >> security solutions for institutions such as ... Microsoft .... Timothy >> has been a columnist for Security FocusĀ“ Microsoft section, > >Uh-huh.... > >Stu > >--- >Stuart Udall >stuart at@...erdelix.dot net - http://www.cyberdelix.net/ > >--- > * Origin: lsi: revolution through evolution (192:168/0.2) > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists