From: Chris Walters
Date: Wed, 25 Jun 2008 16:25:18 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] loop-aes + extra-ciphers...

Sebastian Wiesner wrote:
| Chris Walters at Wednesday 25 June 2008, 17:14:20
|
|> | Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2],
|> | etc) can break those algorithms relatively easy. On the other hand even
|> | weaker algorithms can protect your data against laptop thieves.
|
| You had better used the acronym FUD instead of the word "rumor". US
| government itself has declared Rijndael 256 sufficient for classified
| information up to top secret. This level of security is shared among all
| AES finalists like RC6 or Serpent.
|
|> That's more than a rumor. Another three letter agency (NSA) has networks
|> of supercomputers that can brute force a passphrase in little time.
|
| Bruteforcing a _passphrase_ is not the same as bruteforcing a key. And both
| of these don't have nothing to do with the algorithm itself. They are
| side-attacks ... a weak passphrase is user idiocy, not a cipher
| weakness.
|
|> It is not that I'm terribly paranoid about people getting my data, I just
|> want to make it a little harder.
|
| What's the point in making the impossible even harder?
|
|> Of course, it is always possible to insert code that will send the
|> unencrypted data, once you've logged on - not easy for the casual user,
|> but for the guru, an easy thing.
|
| That's operating system security and has nothing to do with cryptology.
| Someone having only your hard disk can't inject a rootkit into the system.

Are you a cryptology expert? By the way, nothing is impossible.
The only thing that cryptography attempts to do is reduce the **probability** of cracking the key and gaining access to the data as low as possible.

As for brute forcing a passphrase: Since most implementations of AES (Rijndael) use a hash of the passphrase to form the key, it amounts to the same thing, in practice, as cracking the key.

Cryptology is, at least partly, about finding the weakest link, because that is what is likely to be attacked in any cryptosystem. If the weakest link is system security or a weak passphrase, then that weakness translates to a weakness in anything encrypted in such an environment.

The US Government only keeps classified information on non-networked computers in secure environments, so the cipher used does not matter as much as the other security measures taken to ensure that the data does not fall into the wrong hands.

A final thought: It is a fact that both the US Navy and the NSA are *very* interested in cryptology and data security. The NSA also does have large networks of supercomputers that, using parallel, distributed or concurrent computing principles, can crack keys more quickly than you may think.

Regards,
Chris
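
Added example (not part of the original message or of loop-AES): a rough Python model of the passphrase-versus-key point argued in this thread. When the cipher key is produced by hashing a passphrase, the work needed to find the key is bounded by the passphrase's entropy, not by the 256-bit key size. The function names, the uniformly random passphrase model and the iteration counts are assumptions of this sketch.

```python
import hashlib
import math

KEY_BITS = 256  # size of the cipher key under discussion (Rijndael/AES-256)

def key_from_plain_hash(passphrase: str) -> bytes:
    """One unsalted hash of the passphrase used directly as the cipher key."""
    return hashlib.sha256(passphrase.encode()).digest()

def key_from_pbkdf2(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Salted, iterated derivation: every guess costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               iterations, dklen=KEY_BITS // 8)

def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose symbols are drawn uniformly at random.
    Human-chosen passphrases carry less, so treat this as an upper bound."""
    return length * math.log2(alphabet_size)

def effective_bits(pass_bits: float, iterations: int = 1,
                   key_bits: int = KEY_BITS) -> float:
    """log2 of the guessing work: the cheaper of searching the key space or
    searching the passphrase space (each guess costs `iterations` hashes)."""
    return min(key_bits, pass_bits + math.log2(iterations))

def min_length_for(target_bits: int, alphabet_size: int) -> int:
    """Shortest random passphrase that reaches `target_bits` without stretching."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def report():
    """Rows of (description, effective bits) for constructed sample policies."""
    rows = []
    for desc, length, alphabet, iters in [
        ("8 lowercase letters, plain hash", 8, 26, 1),
        ("8 lowercase letters, 2^20 iterations", 8, 26, 2 ** 20),
        ("20 printable ASCII, plain hash", 20, 95, 1),
        ("10 diceware words, plain hash", 10, 7776, 1),
    ]:
        bits = effective_bits(passphrase_bits(length, alphabet), iters)
        rows.append((desc, round(bits, 1)))
    return rows

if __name__ == "__main__":
    for desc, bits in report():
        print(f"{desc:40s} ~{bits} bits (cipher key: {KEY_BITS})")
```

Key stretching adds only log2(iterations) bits, so a long random passphrase matters more than the choice among 256-bit ciphers.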