lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 14 Jun 2010 09:05:00 -0700
From: "Thor (Hammer Of God)" <thor@...merofgod.com>
To: "<Valdis.Kletnieks@...edu>" <Valdis.Kletnieks@...edu>
Cc: "<full-disclosure@...ts.grok.org.uk>" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Introducing TGP...

I don't get it - in 5 years his iPhone will crack RSA2048 while  
listening to Iron Butterfly yet all the PCs in the world won't be able  
to handle AV.

It's evident that I should consult him, particularly when it comes to  
reccomending what "hash" I should use :D
T


On Jun 14, 2010, at 8:51 AM, <Valdis.Kletnieks@...edu> wrote:

> On Mon, 14 Jun 2010 16:21:37 BST, lsi said:
>>> Ancient crypto?  You really have no effing clue, do you?
>>
>> Whatever you use today, it will be ancient in 5 years.
>
> PGP came out when? 1991.  Will be a quarter century old in 5 years.
>
> AES came out when? Standardized in 2001 after a 5-year process by  
> NIST.
>
> OpenSSL finally made it to 1.0 this year after a 12 year stint at  
> 0.9.X (it
> sat at 0.9.8 for 5 years).
>
> Amazingly enough, they're all pretty much still going strong -  
> mostly because
> the crypto field moves pretty damned slowly.  The general philosophy  
> in crypto
> isn't "It will be ancient in 5 years", it's "we won't even trust it  
> for live
> deployment until good people have bashed it for a decade".
>
> On Mon, 14 Jun 2010 11:47:42 BST, lsi said:
>> Even if nobody finds a weakness in the algorithm you used, 5 years
>> from now I will probably have enough spare CPU to brute-force it
>> using my mobile phone....
>
> Moore's Law doesn't move *that* fast.
>
> What was the fastest commercially available processor in 2005? What  
> is it
> today?  What gain was there over the last 5 years, and is there  
> reason to
> expect the next 5 to be any different?
>
> More to the point - most mobile phones use ARM processors to keep  
> the power
> consumption down.  As a result, they're a tad slower than what  
> you'll find
> in desktops and servers (hint - how well would your cell phone work  
> if it
> had to carrry around the heat sink a Core2 Duo needs?).
>
> And what good drugs are you on that you think a cell phone processor  
> 5 years
> from now will have the CPU power that current moby-cluster  
> supercomputers
> have?  (If we're on the verge of making those sort of advances, I  
> want to
> see what a Sony Playstation 4 can do in 2015. Yowza - holodeck  
> time. ;)
>
> Might be more cost-efficient to get to the holodeck using the drugs  
> you're
> on thought. ;)
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ