lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4C167DF6.14956.10591AF6@stuart.cyberdelix.net>
Date: Mon, 14 Jun 2010 20:07:34 +0100
From: "lsi" <stuart@...erdelix.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Introducing TGP...

On 14 Jun 2010 at 9:52, Thor (Hammer Of God) wrote:

> You don't think I considered it?  Really?  You think that I would go  
> through the trouble of designing and implenting a standards based  
> encrytion application without considering that it could be cracked?

The USG put a lot more into DES, but that didn't save it.

> You are incorrect. I certainly considered it. I just know that when  
> brute forcing AES256 becomes feasible, a scan of mynpssport will be  
> the last thing on anyone mind.

As the data is archived, an attacker can come back anytime, once they 
have finished with the interesting stuff... ;)

> How does this differ from SSL, and why do you think I would have to be  
> "live on the wire" to crack it?

It doesn't differ from SSL, which also could be captured and 
eventually cracked.

> If your entire argument is "it can be cracked at some point" then you  
> argue against *any* type of encrytion.

I'm saying security is an onion, and by posting your ciphertext you 
are irreversibly removing several layers of it.  Surely it's better 
to keep the ciphertext inaccessible, this way an attacker has to get 
access to it, in addition to cracking it.

Stu

---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ