| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Jun 2010 14:16:14 +0200 From: Christian Sciberras <uuf6429@...il.com> To: stuart@...erdelix.net Cc: Full-disclosure@...ts.grok.org.uk Subject: Re: Introducing TGP... > The basic flaw, to me, seems to be your erroneous assumption that the > enemy has symmetric compute capability to yourself. Once you give > the enemy a copy of your data, even if it is encrypted, you are > opening the door to them using some hyper-core, quantum-cooled super- > fandango against your crypto, and you give them all the time in the > world to do it. You cannot decrypt what is not encrypted. No one said you have to play fair on the grounds of security. On Mon, Jun 14, 2010 at 1:51 PM, lsi <stuart@...erdelix.net> wrote: > On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote: > >> >> create a private key with a strong password, post that, and then, say, >> >> encrypt a scan of your passport and post that. >> > >> >So, I think this is a dumb idea... :) > > The basic flaw, to me, seems to be your erroneous assumption that the > enemy has symmetric compute capability to yourself. Once you give > the enemy a copy of your data, even if it is encrypted, you are > opening the door to them using some hyper-core, quantum-cooled super- > fandango against your crypto, and you give them all the time in the > world to do it. > > Also, you will only have available, in the cloud-solution you offer, > archival copies of the data. The latest versions will only be on > your machine. > > While SSH datastreams might be captured and eventually decrypted, the > attacker must have access to your wire. If you post your datastream > all over the net, they don't need that. SSH also provides access to > live data and is already available on many platforms.... > > Stu > > --- > Stuart Udall > stuart at@...erdelix.dot net - http://www.cyberdelix.net/ > > --- > * Origin: lsi: revolution through evolution (192:168/0.2) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists