Date: Mon, 14 Jun 2010 19:41:32 +0000
From: "Thor (Hammer of God)" <Thor@...merofgod.com>
To: "stuart@...erdelix.net" <stuart@...erdelix.net>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Introducing TGP...

You keep talking about DES being cracked as if you had something to do with it...  everyone here knows that encryption is math, and that as computers get faster, it will be easier and faster to break encryption algorithms.  Yet you say things like "you've archived your data and people will be able to come back to it" as if it is some sort of epiphany.  I KNOW I've archived it.  That's the POINT.  See if you can understand this:  "By the time it gets cracked, it won't matter anymore.  The value of the data will not survive the time it takes to crack it."  

It took decades for DES to be practically cracked, and it was simply 56-bit block encryption.  Yet it still took 22 hours for supercomputers  specifically designed to crack a less-than-20-character cypher, at which point they were only 22% through the keyspace.   You don't seem to get that both the AES256 key *and* the AESIV are BOTH RSA2048 bit encrypted.   But actually, it doesn't matter that you don't get it: you've already illustrated that you can't do the math, so I'm not too concerned about your claiming that AES256 and RSA2048 will be, quote, "ancient" in 5 tiny little years.  

All you've been able to do is say, "it's insecure because it will be decrypted at some point in the future."  Well thank God YOU'RE here to point out the obvious!!  

At this point, I'd like to change my request to the FD list:  Rather than "if you have any comments," what I am asking now is, "if you have any intelligent comments that will help forward the security of TGP in a meaningful way, please feel free to chime in."  

You know, like Jeffery's question about SHA256 - that was meaningful and helpful.    I mean, saying "surely it is better to keep the cypher text inaccessible" really shows that you are ignoring the fact that if the cypher text were inaccessible, then it wouldn't have to be cypher text in the first place.  If it were inaccessible there would be no reason to protect it. 

Stu, what you don't seem to get is that the very point of encryption is for data to be secured when completely exposed.  That's the POINT.  It's not a "would be nice if" or a "man, it would be super keen if"...  It is *why* we have encryption.   There is NO REASON why I should not be able to post a scan of my passport and expect it to be secure for longer than the expected life of the value of the data.  If it can't be, then we need better algo, not FUD.

t



-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of lsi
Sent: Monday, June 14, 2010 12:08 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Introducing TGP...

On 14 Jun 2010 at 9:52, Thor (Hammer Of God) wrote:

> You don't think I considered it?  Really?  You think that I would go 
> through the trouble of designing and implementing a standards based 
> encryption application without considering that it could be cracked?

The USG put a lot more into DES, but that didn't save it.

> You are incorrect. I certainly considered it. I just know that when 
> brute forcing AES256 becomes feasible, a scan of my passport will be 
> the last thing on anyone's mind.

As the data is archived, an attacker can come back anytime, once they have finished with the interesting stuff... ;)

> How does this differ from SSL, and why do you think I would have to be 
> "live on the wire" to crack it?

It doesn't differ from SSL, which also could be captured and eventually cracked.

> If your entire argument is "it can be cracked at some point" then you 
> argue against *any* type of encryption.

I'm saying security is an onion, and by posting your ciphertext you are irreversibly removing several layers of it.  Surely it's better to keep the ciphertext inaccessible, this way an attacker has to get access to it, in addition to cracking it.

Stu

---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
