Chris Walters <[EMAIL PROTECTED]> at Wednesday 25 June 2008, 17:14:20
> | Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2],
> | etc) can break those algorithms relatively easy. On the other hand even
> | weaker algorithms can protect your data against laptop thieves.
You had better used the acronym FUD instead of the word "rumor". US
government itself has declared Rijndael 256 sufficient for classified
information up to top secret. This level of security is shared among all
AES finalists like RC6 or Serpent.
> That's more than a rumor. Another three letter agency (NSA) has networks
> of supercomputers that can brute force a passphrase is little time.
Bruteforcing a _passphrase_ is not the same as bruteforcing a key. An both
of these don't have nothing to do with the algorithm itself. They are
side-attacks ... a weak passphrase is user idiocity, not a cipher
weakness.
> It is not that I'm terribly paranoid about people getting my data, I just
> want to make it a little harder.
What's the point in making the impossible even harder?
> Of course, it is always possible to insert code that will send the
> unencrypted data, once you've logged on - not easy for the casual user,
> but for the guru, an easy thing.
That's operating system security and has nothing to do with cryptology.
Someone having only your hard disk can't inject a rootkit into the system.
--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
signature.asc
Description: This is a digitally signed message part.
