Date: Tue, 30 Jul 2019 18:47:44 +0200 From: "Johny Krekan" <krekan@...nykrekan.com> To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com> Subject: Re: Question for experienced cryptographers Thanx for your post . What hardware did you use in your test where you wanted to crack your hash? Johny > >Eric Oyen eric.oyen@...il.com >30. 7. 2019 03:51 > >The fact of the matter is, AES with bit sizes greater than 256 is still the >best encryption standard there is. >As for the criminal enterprise involved: >Well, they may have made it rather difficult, but there is no such thing as >impossible. >Rule 1: there is no such thing as absolute security >Rule 2: if the same key and encryption gets used more than once, it’s chances >of being cracked go up a lot. (One time pads are still the most secure methods) >Rule 3: some types of encryption can be broken with the use of large cluster >farms. Believe me, the NSA has one such up in Utah. Also, if there is any kind >of access to the program sources, There might be a solution gained from that. >Given the above, AES and 3DES are still the best methods to use. >Unfortunately, those two methods have one glaring security hole, you have to >share the key with your intended party and if you don’t have a way to securely >share it and someone else gets hold of it, well, there goes your security. >Now, RSA can use those two and because it uses a shared key system where there >are two keys (public and private), you can share the public key with whomever >you want. Only the intended recipient will be able to decrypt it, and they have >to use their own local passphrase to do it. I know, I use it here myself and I >have run JTR on one sample I created using 4096 bits encryption with a 2048 bit >key-space. So far, after more than a year of steady cracking, JTR has yet to >get it. >Now, one rule of encryption is this: depending on the value of information over >time, the longer it takes to crack, the lower the value of the information >becomes. Information in todays world has a shelf life, and it’s an even shorter >one where criminals are concerned. >So, if the police in the countries mentioned can’t crack it, they can always >come to the NSA for help, or they can try the FSB in Russia. Either way, they >will have to admit they are way outside their ability on this one. >-Eric >> On Jul 30, 2019, at 2:59 AM, Johny Krekan <krekan@...nykrekan.com> wrote: >> >> Hello, I would like to ask whether someone of you (for example >> Solardesigner as a John author) could estimate what is the real security of >> an applications like Threema. The webpage states that encryption mechanism >> used by this software should be secure enough and there is no chance for >> people to break and decrypt communication between persons which are using >> this software. What do you think what method could be used by agencyes to >> decrypt communication between criminals in Slovakia which are now bein >> judged in most watched process in this time? The news stated that the >> threema was used to encode their communication and then the news stated >> that the communication was succesfully decrypted. >> I am looking to see your opinions about the security of such softwares. >> Nice day >> Johny Krekan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.