Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 30 Jul 2019 18:47:44 +0200
From: "Johny Krekan" <>
To: "" <>
Subject: Re: Question for experienced cryptographers

Thanx for your post .
What hardware did you use in your test where you wanted to crack your hash?
>Eric Oyen
>30. 7. 2019 03:51
>The fact of the matter is, AES with bit sizes greater than 256 is still 
>best encryption standard there is.
>As for the criminal enterprise involved:
>Well, they may have made it rather difficult, but there is no such thing 
>Rule 1: there is no such thing as absolute security
>Rule 2: if the same key and encryption gets used more than once, it’s 
>of being cracked go up a lot. (One time pads are still the most secure 
>Rule 3: some types of encryption can be broken with the use of large 
>farms. Believe me, the NSA has one such up in Utah. Also, if there is any 
>of access to the program sources, There might be a solution gained from 
>Given the above, AES and 3DES are still the best methods to use.
>Unfortunately, those two methods have one glaring security hole, you have 
>share the key with your intended party and if you don’t have a way to 
>share it and someone else gets hold of it, well, there goes your security.
>Now, RSA can use those two and because it uses a shared key system where 
>are two keys (public and private), you can share the public key with 
>you want. Only the intended recipient will be able to decrypt it, and they 
>to use their own local passphrase to do it. I know, I use it here myself 
and I 
>have run JTR on one sample I created using 4096 bits encryption with a 
2048 bit 
>key-space. So far, after more than a year of steady cracking, JTR has yet 
>get it.
>Now, one rule of encryption is this: depending on the value of information 
>time, the longer it takes to crack, the lower the value of the information 
>becomes. Information in todays world has a shelf life, and it’s an even 
>one where criminals are concerned.
>So, if the police in the countries mentioned can’t crack it, they can 
>come to the NSA for help, or they can try the FSB in Russia. Either way, 
>will have to admit they are way outside their ability on this one.
>> On Jul 30, 2019, at 2:59 AM, Johny Krekan <> wrote:
>> Hello, I would like to ask whether someone of you (for example 
>> Solardesigner as a John author) could estimate what is the real security 
>> an applications like Threema. The webpage states that encryption 
>> used by this software should be secure enough and there is no chance for 
>> people to break and decrypt communication between persons which are 
>> this software. What do you think what method could be used by agencyes 
>> decrypt communication between criminals in Slovakia which are now bein 
>> judged in most watched process in this time? The news stated that the 
>> threema was used to encode their communication and then the news stated 
>> that the communication was succesfully decrypted.
>> I am looking to see your opinions about the security of such softwares.
>> Nice day
>> Johny Krekan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.