Date: Wed, 31 Jul 2019 13:23:05 -0700
From: Eric Oyen <eric.oyen@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Question for experienced cryptographers

Actually, I used a small cluster of machines here with OpenCL. The primary host is a Mac mini and I have 2 desktop machines with recent vintage Nvidia cards and loads of RAM. I also incorporated 3 laptops into the mess. I know, it’s a hodge podge, but it works reasonably well under most circumstances. Basically, it’s a spare parts cluster. :_)

I tried with DaveGrohl on the Mac first, which gave me the clue as to how long it might take. Then I went on to use JTR for the actual cracking.

I also set up a sample file with a number of password hashes of varying types. Some were easier to crack than others. The primary one I created has still not been cracked.

-Eric

From the Central offices of the Technomage Guild, cracking dept.

> On Jul 30, 2019, at 9:47 AM, Johny Krekan <krekan@...nykrekan.com> wrote:
>
> Thanks for your post.
> What hardware did you use in your test where you wanted to crack your hash?
> Johny
>>
>> Eric Oyen eric.oyen@...il.com
>> 30. 7. 2019 03:51
>>
>> The fact of the matter is, AES with bit sizes greater than 256 is still the
>> best encryption standard there is.
>> As for the criminal enterprise involved:
>> Well, they may have made it rather difficult, but there is no such thing as
>> impossible.
>> Rule 1: there is no such thing as absolute security
>> Rule 2: if the same key and encryption gets used more than once, its chances
>> of being cracked go up a lot. (One time pads are still the most secure methods)
>> Rule 3: some types of encryption can be broken with the use of large cluster
>> farms. Believe me, the NSA has one such up in Utah. Also, if there is any kind
>> of access to the program sources, there might be a solution gained from that.
>> Given the above, AES and 3DES are still the best methods to use.
>> Unfortunately, those two methods have one glaring security hole, you have to
>> share the key with your intended party and if you don’t have a way to securely
>> share it and someone else gets hold of it, well, there goes your security.
>> Now, RSA can use those two and because it uses a shared key system where there
>> are two keys (public and private), you can share the public key with whomever
>> you want. Only the intended recipient will be able to decrypt it, and they have
>> to use their own local passphrase to do it. I know, I use it here myself and I
>> have run JTR on one sample I created using 4096 bits encryption with a 2048 bit
>> key-space. So far, after more than a year of steady cracking, JTR has yet to
>> get it.
>> Now, one rule of encryption is this: depending on the value of information over
>> time, the longer it takes to crack, the lower the value of the information
>> becomes. Information in today’s world has a shelf life, and it’s an even shorter
>> one where criminals are concerned.
>> So, if the police in the countries mentioned can’t crack it, they can always
>> come to the NSA for help, or they can try the FSB in Russia. Either way, they
>> will have to admit they are way outside their ability on this one.
>> -Eric
>>> On Jul 30, 2019, at 2:59 AM, Johny Krekan <krekan@...nykrekan.com> wrote:
>>>
>>> Hello, I would like to ask whether someone of you (for example
>>> Solardesigner as a John author) could estimate what is the real security of
>>> an application like Threema. The webpage states that encryption mechanism
>>> used by this software should be secure enough and there is no chance for
>>> people to break and decrypt communication between persons which are using
>>> this software. What do you think what method could be used by agencies to
>>> decrypt communication between criminals in Slovakia which are now being
>>> judged in most watched process in this time? The news stated that the
>>> Threema was used to encode their communication and then the news stated
>>> that the communication was successfully decrypted.
>>> I am looking to see your opinions about the security of such softwares.
>>> Nice day
>>> Johny Krekan