"Jason Rivard" <[EMAIL PROTECTED]> at Wednesday 25 June 2008, 23:53:23 > > > The only thing that cryptography attempts to do is reduce the > > > **probability** of cracking the key and gaining access to the data as > > > low as possible. > > > > No news. That's, why cryptology defines "security" not as "being > > impossible > > to crack", but as "being sufficiently improbable to crack". The only > > cipher, that can't be "brute-forced", is the OTP, which is > > considered "perfectly secure". > > There is no such thing as perfectly secure,
A OTP cannot be broken using brute force, so the term "perfectly secure"
fits here, imho, at least a bit ;)
> > In such a case, the question is, if the data, you ciphered, is really
> > worth the effort of putting a super computer into work for a long time
> > to try any possible passphrase.
>
> Mr. Walters' claim is not that they would put a single super-computer to
> decrypting it, but a "network of supercomputers".
Does that difference really matter for ciphers like AES or at least for
brute-force attacks on random 256-bit keys?
> I truly don't think you
> have to worry about that occurring, unless you are deemed a danger to US
> National Security. Even then, AES is very hard to crack. The major
> weakness is the person who encrypts the data. Under questioning, most
> will give up their keys.
>
> > > Cryptology is, at least partly about finding the weakest link,
> > > because that is what is likely to be attacked in any cryptosystem.
> >
> > Of course, absolutely true. Hard disk encryption is by far not
> > perfect, just look at the cold boot attacks that gained public interest
> > in the last time. But you didn't talk of _cryptosystems_ in your
> > previous posts, you did talk about _algorithms_.
>
> By themselves algorithms are relatively useless. It is only the
> application of those algorithms that make them useful.
Still, there is a difference between the algorithm as such and a
cryptosystem applying this algorithm.
Btw, apart from general stuff like weak passphrases, that apply to most
cryptosystems, really bad leaks often came from weak algorithms. Consider
WEP.
> > > A final thought: It is a fact that both the US Navy and the NSA are
> > > *very* interested in cryptology and data security. The NSA also does
> > > have large networks of supercomputers that, using parallel,
> > > distributed or concurrent computing principles can crack keys more
> > > quickly than you may think.
> >
> > You can use simple mathematics to find out, that even the largest super
> > computers, having one peta flop, needs millions of years to perform an
> > exhaustive search through AES key space.
> >
> > Anyway, you may believe, what you want to believe, I'm just reflecting,
> > what
> > real experts like Bruce Schneier have been telling for years: It's
> > wrong to trust into simple ciphers, but it's equally wrong, to believe,
> > that anything can be broken.
>
> It is equally wrong to believe that any cipher is immune to attack
I don't and I did not say so, things like the Debian disaster bring you back
to reality from dreams ...
--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
signature.asc
Description: This is a digitally signed message part.
