"Jason Rivard" <[EMAIL PROTECTED]> at Wednesday 25 June 2008, 23:53:23 > > > The only thing that cryptography attempts to do is reduce the > > > **probability** of cracking the key and gaining access to the data as > > > low as possible. > > > > No news. That's, why cryptology defines "security" not as "being > > impossible > > to crack", but as "being sufficiently improbable to crack". The only > > cipher, that can't be "brute-forced", is the OTP, which is > > considered "perfectly secure". > > There is no such thing as perfectly secure,
A OTP cannot be broken using brute force, so the term "perfectly secure" fits here, imho, at least a bit ;) > > In such a case, the question is, if the data, you ciphered, is really > > worth the effort of putting a super computer into work for a long time > > to try any possible passphrase. > > Mr. Walters' claim is not that they would put a single super-computer to > decrypting it, but a "network of supercomputers". Does that difference really matter for ciphers like AES or at least for brute-force attacks on random 256-bit keys? > I truly don't think you > have to worry about that occurring, unless you are deemed a danger to US > National Security. Even then, AES is very hard to crack. The major > weakness is the person who encrypts the data. Under questioning, most > will give up their keys. > > > > Cryptology is, at least partly about finding the weakest link, > > > because that is what is likely to be attacked in any cryptosystem. > > > > Of course, absolutely true. Hard disk encryption is by far not > > perfect, just look at the cold boot attacks that gained public interest > > in the last time. But you didn't talk of _cryptosystems_ in your > > previous posts, you did talk about _algorithms_. > > By themselves algorithms are relatively useless. It is only the > application of those algorithms that make them useful. Still, there is a difference between the algorithm as such and a cryptosystem applying this algorithm. Btw, apart from general stuff like weak passphrases, that apply to most cryptosystems, really bad leaks often came from weak algorithms. Consider WEP. > > > A final thought: It is a fact that both the US Navy and the NSA are > > > *very* interested in cryptology and data security. The NSA also does > > > have large networks of supercomputers that, using parallel, > > > distributed or concurrent computing principles can crack keys more > > > quickly than you may think. > > > > You can use simple mathematics to find out, that even the largest super > > computers, having one peta flop, needs millions of years to perform an > > exhaustive search through AES key space. > > > > Anyway, you may believe, what you want to believe, I'm just reflecting, > > what > > real experts like Bruce Schneier have been telling for years: It's > > wrong to trust into simple ciphers, but it's equally wrong, to believe, > > that anything can be broken. > > It is equally wrong to believe that any cipher is immune to attack I don't and I did not say so, things like the Debian disaster bring you back to reality from dreams ... -- Freedom is always the freedom of dissenters. (Rosa Luxemburg)
signature.asc
Description: This is a digitally signed message part.