lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4C1608CE.25919.E8F7752@stuart.cyberdelix.net>
Date: Mon, 14 Jun 2010 11:47:42 +0100
From: "lsi" <stuart@...erdelix.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Introducing TGP...

On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote:

> >> create a private key with a strong password, post that, and then, say,
> >> encrypt a scan of your passport and post that.
> >
> >So, I think this is a dumb idea... :)
> >
> >You might think your crypto is secure right now, but in 5 years there might be
> >a big hole in it.  If copies of your passport are floating about on the net, you
> >can't even delete them, and certainly cannot prevent anyone using the new
> >crack against your old crypto.
> 
> Of course you think it's a dumb idea.  But according to you, in 3
> years, all the computers in the world will screech to a grinding halt
> because of what Symantec says are "new threats."   How can anyone use
> the "new crack" when they can't turn their computers on?

No, only Windows machines will be grinding to a halt.  OTOH, my sleek 
unix boxen will be whizzing along nicely.... just waiting for some 
interesting work to do, such as cracking some files protected by 
ancient crypto.  

Even if nobody finds a weakness in the algorithm you used, 5 years 
from now I will probably have enough spare CPU to brute-force it 
using my mobile phone....

If you were posting docs with a shorter shelf-life there would be 
less danger.  But a passport is always useful.... 

> >If, of course you think I'm speaking tripe, go ahead and post it...
> 
> Here it is!  Go nuts.

That's too small to be a passport scan.

> Timothy has developed and implemented networking and application
> security solutions for institutions such as ... Microsoft .... Timothy
> has been a columnist for Security FocusĀ“ Microsoft section, 

Uh-huh....

Stu

---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ