lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTinc-euZnw6vNY4QxwvjnZjR3MYC5jmeukcGXcex@mail.gmail.com>
Date: Mon, 14 Jun 2010 14:16:14 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: stuart@...erdelix.net
Cc: Full-disclosure@...ts.grok.org.uk
Subject: Re: Introducing TGP...

> The basic flaw, to me, seems to be your erroneous assumption that the
> enemy has symmetric compute capability to yourself.  Once you give
> the enemy a copy of your data, even if it is encrypted, you are
> opening the door to them using some hyper-core, quantum-cooled super-
> fandango against your crypto, and you give them all the time in the
> world to do it.

You cannot decrypt what is not encrypted.
No one said you have to play fair on the grounds of security.






On Mon, Jun 14, 2010 at 1:51 PM, lsi <stuart@...erdelix.net> wrote:
> On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote:
>
>> >> create a private key with a strong password, post that, and then, say,
>> >> encrypt a scan of your passport and post that.
>> >
>> >So, I think this is a dumb idea... :)
>
> The basic flaw, to me, seems to be your erroneous assumption that the
> enemy has symmetric compute capability to yourself.  Once you give
> the enemy a copy of your data, even if it is encrypted, you are
> opening the door to them using some hyper-core, quantum-cooled super-
> fandango against your crypto, and you give them all the time in the
> world to do it.
>
> Also, you will only have available, in the cloud-solution you offer,
> archival copies of the data.  The latest versions will only be on
> your machine.
>
> While SSH datastreams might be captured and eventually decrypted, the
> attacker must have access to your wire.  If you post your datastream
> all over the net, they don't need that.  SSH also provides access to
> live data and is already available on many platforms....
>
> Stu
>
> ---
> Stuart Udall
> stuart at@...erdelix.dot net - http://www.cyberdelix.net/
>
> ---
>  * Origin: lsi: revolution through evolution (192:168/0.2)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ