Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 30 Jul 2019 18:47:44 +0200
From: "Johny Krekan" <krekan@...nykrekan.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Question for experienced cryptographers

Thanx for your post .
What hardware did you use in your test where you wanted to crack your hash?
Johny
>
>Eric Oyen eric.oyen@...il.com
>30. 7. 2019 03:51
>
>The fact of the matter is, AES with bit sizes greater than 256 is still 
the 
>best encryption standard there is.
>As for the criminal enterprise involved:
>Well, they may have made it rather difficult, but there is no such thing 
as 
>impossible.
>Rule 1: there is no such thing as absolute security
>Rule 2: if the same key and encryption gets used more than once, it’s 
chances 
>of being cracked go up a lot. (One time pads are still the most secure 
methods)
>Rule 3: some types of encryption can be broken with the use of large 
cluster 
>farms. Believe me, the NSA has one such up in Utah. Also, if there is any 
kind 
>of access to the program sources, There might be a solution gained from 
that. 
>Given the above, AES and 3DES are still the best methods to use.
>Unfortunately, those two methods have one glaring security hole, you have 
to 
>share the key with your intended party and if you don’t have a way to 
securely 
>share it and someone else gets hold of it, well, there goes your security.
>Now, RSA can use those two and because it uses a shared key system where 
there 
>are two keys (public and private), you can share the public key with 
whomever 
>you want. Only the intended recipient will be able to decrypt it, and they 
have 
>to use their own local passphrase to do it. I know, I use it here myself 
and I 
>have run JTR on one sample I created using 4096 bits encryption with a 
2048 bit 
>key-space. So far, after more than a year of steady cracking, JTR has yet 
to 
>get it.
>Now, one rule of encryption is this: depending on the value of information 
over 
>time, the longer it takes to crack, the lower the value of the information 
>becomes. Information in todays world has a shelf life, and it’s an even 
shorter 
>one where criminals are concerned.
>So, if the police in the countries mentioned can’t crack it, they can 
always 
>come to the NSA for help, or they can try the FSB in Russia. Either way, 
they 
>will have to admit they are way outside their ability on this one.
>-Eric
>> On Jul 30, 2019, at 2:59 AM, Johny Krekan <krekan@...nykrekan.com> wrote:
>> 
>> Hello, I would like to ask whether someone of you (for example 
>> Solardesigner as a John author) could estimate what is the real security 
of 
>> an applications like Threema. The webpage states that encryption 
mechanism 
>> used by this software should be secure enough and there is no chance for 
>> people to break and decrypt communication between persons which are 
using 
>> this software. What do you think what method could be used by agencyes 
to 
>> decrypt communication between criminals in Slovakia which are now bein 
>> judged in most watched process in this time? The news stated that the 
>> threema was used to encode their communication and then the news stated 
>> that the communication was succesfully decrypted.
>> I am looking to see your opinions about the security of such softwares.
>> Nice day
>> Johny Krekan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.