Date: Wed, 31 Jul 2019 13:23:05 -0700
From: Eric Oyen <eric.oyen@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Question for experienced cryptographers

Actually, I used a small cluster of machines here with open_CL. The primary host is a Mac mini and I have 2 desktop machines with recent vintage Nvidia cards and loads of RAM. I also incorporated 3 laptops into the mess. I know, it’s a hodge podge, but it works reasonably well under most circumstances. Basically, it’s a spare parts cluster. :_)

I tried with DaveGrohl on the Mac first, which gave me the clue as to how long it might take. Then I went on to use JTR for the actual cracking. I also set up a sample file with a number of password hashes of varying types. Some were easier to crack than others. The primary one I created has still not been cracked.

-Eric
From the Central offices of the Technomage Guild, cracking dept.

> On Jul 30, 2019, at 9:47 AM, Johny Krekan <krekan@...nykrekan.com> wrote:
> 
> Thanx for your post.
> What hardware did you use in your test where you wanted to crack your hash?
> Johny
>> 
>> Eric Oyen eric.oyen@...il.com
>> 30. 7. 2019 03:51
>> 
>> The fact of the matter is, AES with bit sizes greater than 256 is still the
>> best encryption standard there is.
>> As for the criminal enterprise involved:
>> Well, they may have made it rather difficult, but there is no such thing as
>> impossible.
>> Rule 1: there is no such thing as absolute security
>> Rule 2: if the same key and encryption gets used more than once, its chances
>> of being cracked go up a lot. (One time pads are still the most secure methods)
>> Rule 3: some types of encryption can be broken with the use of large cluster
>> farms. Believe me, the NSA has one such up in Utah. Also, if there is any kind
>> of access to the program sources, there might be a solution gained from that.
>> Given the above, AES and 3DES are still the best methods to use.
>> Unfortunately, those two methods have one glaring security hole, you have to
>> share the key with your intended party and if you don’t have a way to securely
>> share it and someone else gets hold of it, well, there goes your security.
>> Now, RSA can use those two and because it uses a shared key system where there
>> are two keys (public and private), you can share the public key with whomever
>> you want. Only the intended recipient will be able to decrypt it, and they have
>> to use their own local passphrase to do it. I know, I use it here myself and I
>> have run JTR on one sample I created using 4096 bits encryption with a 2048 bit
>> key-space. So far, after more than a year of steady cracking, JTR has yet to
>> get it.
>> Now, one rule of encryption is this: depending on the value of information over
>> time, the longer it takes to crack, the lower the value of the information
>> becomes. Information in today’s world has a shelf life, and it’s an even shorter
>> one where criminals are concerned.
>> So, if the police in the countries mentioned can’t crack it, they can always
>> come to the NSA for help, or they can try the FSB in Russia. Either way, they
>> will have to admit they are way outside their ability on this one.
>> -Eric
>>> On Jul 30, 2019, at 2:59 AM, Johny Krekan <krekan@...nykrekan.com> wrote:
>>> 
>>> Hello, I would like to ask whether someone of you (for example
>>> Solardesigner as a John author) could estimate what is the real security of
>>> an application like Threema. The webpage states that encryption mechanism
>>> used by this software should be secure enough and there is no chance for
>>> people to break and decrypt communication between persons which are using
>>> this software. What do you think what method could be used by agencies to
>>> decrypt communication between criminals in Slovakia which are now being
>>> judged in most watched process in this time? The news stated that the
>>> Threema was used to encode their communication and then the news stated
>>> that the communication was successfully decrypted.
>>> I am looking to see your opinions about the security of such software.
>>> Nice day
>>> Johny Krekan
