From: "Aaron P Ingebrigtsen" <[EMAIL PROTECTED]>
> On Thu, 31 May 2001 07:45:40 -0500 "Mathew Ryden" <[EMAIL PROTECTED]>
> writes:
> > then you are seeing the effect of someone who didn't use an
> > algorithm
> > optomized for speed. if you do a similar thing with PGP you'll
> > notice it's
> > much faster - pgp also has installed things to make finding the
> > password
> > more difficult and from knowing how full an archive is -- I doubt
> > UC2 has
> > such stringent standards.
>
> I don't want speed, I want security. If I have to wait longer for better
> security, fine. :)
You are running a program with unoptomized code in it. The additional wait
doesn't mean it's any secure, it just shows how much more effort the PGP
people spent in making their program easily usable. PGP is known around the
world to be secure - the 2.6.5 source is publically available (in book form
no less! :). UC2 is not known for it's security - there have been no
external source audits. Until those are done I wouldn't store anything
important in there like... anything.
> Also, I tried to encrypt with PGP and it restarted three times before it
> got 10% done. What do I do?
I don't know. :)
> > well, I'm 95% sure that each of Rand1 and Rand2 are 56 bits but I
> > can't be
> > bothered to double check for sure.
>
> Well, you could look at UC2 yourself and test it's capabilities instead
> of telling me what you THINK it's capabilities are. :)
That would require an expenditure of resources I'm not about to take.
Becuase I highly doubt UC2 would tell me if it's using 56 or 64 bits of
encryption - later checking in AC has indeed shown me that DESede is indeed
112 bit encryption - not looking good on the security side for UC2.
> I will agree with you that the more bits are used for the encryption key
> the better. :)
>
> In PGP the best passphrase is the longest and most complex, yet still
> rememberable passphrase. :)
>
> In UC2 the best password is generated by a random password generator and
> is very difficult to remember. And the longer the password the better.
>
> How would you do a brute force attack successfully against a UE2
> encrypted archive? Do you just setup a program that generates passwords
> till it finds the right one, or is there a way to crack open the file and
> figure out the password from the content of the file?
Get the source first. Until then this portion of the discussion has never
been opened.
-Mathew
_______________________________________________
Chat mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/chat
