Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2cb9800b7dbe11f880475367a8210ece@smtp.hushmail.com>
Date: Wed, 29 Jan 2014 21:55:02 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Honey Encryption

On 2014-01-29 20:47, Rich Rumble wrote:
> http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/

Truecrypt, for example, has had ability to store *one* alternate 
filesystem with *an* alternate passphrase for years. Maybe it can be 
more than one, but very few.

But I really can't see how the *each* in "each incorrect attempt to 
decrypt a vault would yield a fake one instead" would be implemented 
unless it's just smoke and mirrors in the legitimate client (eg. a disk 
encryption program). If you use JtR instead of the legitimate client 
you'd not be fooled so this is just snake oil. Hopefully I'm wrong but 
then I'd really appreciate a technical explanation.

> I didn't think much of the technique, but I remembered some Zip files
> (aes256) false positive just like this and I had to re-think my position.
>
> If it's combining bcrypt/scrypt "speed" and giving you those FP's then
> maybe. Again it's encryption not hashing so it's more like the zip example
> I guess.
> http://www.openwall.com/lists/john-users/2011/09/21/7
> I haven't checked a recent version of John out, does AES256 zip still FP?

Yes, and it's frequent enough the format is more or less unusable. It's 
been moved to the broken/ subdirectory for now.

magnum


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.