-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 14 Jun 2010 09:52:12 -0700 "Thor (Hammer Of God)" <[email protected]> wrote:
> You don't think I considered it? Really? You think that I would go > through the trouble of designing and implenting a standards based > encrytion application without considering that it could be cracked? > > You are incorrect. I certainly considered it. I just know that when > brute forcing AES256 becomes feasible, a scan of mynpssport will be > the last thing on anyone mind. Brute forcing AES256 will never be feasible. Factoring your RSA key will be -- soon too. > > How does this differ from SSL, and why do you think I would have to > be "live on the wire" to crack it? > > If your entire argument is "it can be cracked at some point" then > you argue against *any* type of encrytion. > > Postulative statements in the obvious are a waste of people's time. > > T You're using a 1024 bit key here which seems a bit gutsy ;-) Without better attacks, you basically have: Brute force AES 256 -> O(2^256) Bruce force your 20 char password -> roughly O(2^(20*7)) == O(2^140) Factor your 1024 bit public modulus -> roughly O(2^80) Since a 768 bit RSA key has already been factored I'd say you only have a few years before a moderately sized cluster could factor your public key. Of course, as I write this I realize I'm about to sign this message with a 1024 bit DSA key... Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) iEYEARECAAYFAkwZSvkACgkQqaGPzAsl94JK4ACdGT1kX/nKOhR1Ko4UcqHVVW0N F/4An1+n1k1MqKOKQ8QV4Hc2GjLvR6eO =AXX2 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
