Hi,
Chris Jones wrote:
While your brute force decryption is running, how do you determine you
have found the one key and decide it's time to stop?
Among trillions of trillions, when do you know you've hit the jackpot?
And what if you encrypted the result multiple times with a number of
Chris Jones:
On Fri, Feb 27, 2009 at 08:34:25AM EST, Jochen Schulz wrote:
This is a valid question! Depending on the encryption system in use,
it cannot be answered satisfactorily.
I'm not sure it's related to the encryption/decryption process.
What I had in mind when I wrote the
Andrew McGlashan wrote:
And what if you encrypted the result multiple times with a number of
different keys?
Security does not improve so much, actually.
http://en.wikipedia.org/wiki/Meet-in-the-middle_attack
--
Unless you love someone, nothing else makes any sense.
--
hello,
the discussion is really interesting and informative.
there's just something I don't understand.
Jeff Soules wrote:
good.) In any case, with EncFS we're talking about a technological
solution in which the encryption key is stored alongside the encrypted
media, so whatever the
Chris Jones:
I have a naive question.
While your brute force decryption is running, how do you determine you
have found the one key and decide it's time to stop?
This is a valid question! Depending on the encryption system in use,
it cannot be answered satisfactorily. If a one-time pad is
On Fri, Feb 27, 2009 at 08:34:25AM EST, Jochen Schulz wrote:
Chris Jones:
I have a naive question.
While your brute force decryption is running, how do you determine
you have found the one key and decide it's time to stop?
This is a valid question! Depending on the encryption system
On Tue, Feb 24, 2009 at 12:56:00AM EST, Ron Johnson wrote:
On 02/23/2009 08:43 PM, Javier wrote:
[snip]
As I also have read in the Wikipedia, it is reseonable to crack a 56bits
DES, a 64bits AES if you have online access to the machine, and probably
in the future it might be possible to
On 02/26/2009 05:34 PM, Chris Jones wrote:
[snip]
Sorry to revive and already dead thread ..
I have a naive question.
While your brute force decryption is running, how do you determine you
have found the one key and decide it's time to stop?
Among trillions of trillions, when do you know
On Thu, Feb 26, 2009 at 07:11:43PM EST, Ron Johnson wrote:
On 02/26/2009 05:34 PM, Chris Jones wrote:
I have a naive question.
While your brute force decryption is running, how do you determine
you have found the one key and decide it's time to stop?
Among trillions of trillions, when
On 02/26/2009 06:51 PM, Chris Jones wrote:
On Thu, Feb 26, 2009 at 07:11:43PM EST, Ron Johnson wrote:
On 02/26/2009 05:34 PM, Chris Jones wrote:
I have a naive question.
While your brute force decryption is running, how do you determine
you have found the one key and decide it's time to
On 02/26/2009 06:51 PM, Chris Jones wrote:
On Thu, Feb 26, 2009 at 07:11:43PM EST, Ron Johnson wrote:
On 02/26/2009 05:34 PM, Chris Jones wrote:
Among trillions of trillions, when do you know you've hit the
jackpot?
When you can decrypt the document with it?
You don't have access to the
On 02/26/2009 08:32 PM, Chris Jones wrote:
On 02/26/2009 06:51 PM, Chris Jones wrote:
On Thu, Feb 26, 2009 at 07:11:43PM EST, Ron Johnson wrote:
On 02/26/2009 05:34 PM, Chris Jones wrote:
Among trillions of trillions, when do you know you've hit the
jackpot?
When you can decrypt the
On 02/26/2009 08:42 PM, Ron Johnson wrote:
On 02/26/2009 08:32 PM, Chris Jones wrote:
[snip]
Depending on what was encrypted, and given the time, I'm sure I'd be
able to determine, one tentative key at a time, whether the output is
gobbledygook or not.. But even if the original data was in
Original Message
From: cjns1...@gmail.com
To: debian-user@lists.debian.org
Subject: Re: How to protect an encrypted file system for off-line
attack?
Date: Thu, 26 Feb 2009 18:34:40 -0500
On Tue, Feb 24, 2009 at 12:56:00AM EST, Ron Johnson wrote:
On 02/23/2009 08:43 PM, Javier wrote:
On Mon, Feb 23, 2009 at 07:53:54PM EST, Ron Johnson wrote:
On 02/23/2009 06:12 PM, Chris Jones wrote:
On Mon, Feb 23, 2009 at 02:34:26PM EST, Ron Johnson wrote:
Given enough time, and resources, *nothing* is untouchable. It's
just a matter of whether They think that the time-effort is worth
On Mon, Feb 23, 2009 at 03:43:06PM -0500, Celejar wrote:
On Sun, 22 Feb 2009 20:10:57 -0600
Ron Johnson ron.l.john...@cox.net wrote:
On 02/22/2009 07:03 PM, Javier wrote:
...
And which is better, Blowfish or AES?
AES.
Source? Wikipedia just says:
Blowfish provides a good
On 02/24/2009 02:36 AM, Tzafrir Cohen wrote:
[snip]
Anyway, the AES cipher is one that is very well studied. It has been
implemented all over. Just about anybody have tried to attack it and
yet there's no known practical attack on it. It performs well. So it is
^
That's
Original Message
From: javu...@gmail.com
To: debian-user@lists.debian.org
Subject: Re: How to protect an encrypted file system for off-line
attack?
Date: Tue, 24 Feb 2009 03:31:51 +0100
ow...@netptc.net escribió:
Original Message
From: javu...@gmail.com
To:
Original Message
From: ron.l.john...@cox.net
To: debian-user@lists.debian.org
Subject: Re: How to protect an encrypted file system for off-line
attack?
Date: Tue, 24 Feb 2009 04:27:31 -0600
On 02/24/2009 02:36 AM, Tzafrir Cohen wrote:
[snip]
Anyway, the AES cipher is one that is
there's no known practical attack on it. It performs well. So it is
^
That's the word, of course... Any government that discovers a successful
attack is going to keep quiet.
Except in a certain side-channel sense -- any government that
discovers a successful attack on
On 02/24/2009 09:50 AM, ow...@netptc.net wrote:
[snip]
And in fact there always has been suspicion in the crypto community
that, in at least some of the ciphers (going back to the original
DES) that the NSA had built in a trapdoor such that they could
easily decrypt the message but anyone else,
Ron Johnson writes:
[An NSA backdoor in DES successors] would only be possible if The
Government controlled the source code, or had an understanding with
those who write closed-source code.
The claim is stronger than that. It is that there are backdoors in the
algorithms: weaknesses that
On 02/24/2009 12:59 PM, John Hasler wrote:
Ron Johnson writes:
[An NSA backdoor in DES successors] would only be possible if The
Government controlled the source code, or had an understanding with
those who write closed-source code.
The claim is stronger than that. It is that there are
Original Message
From: ron.l.john...@cox.net
To: debian-user@lists.debian.org
Subject: Re: How to protect an encrypted file system for off-line
attack?
Date: Tue, 24 Feb 2009 12:47:15 -0600
On 02/24/2009 09:50 AM, ow...@netptc.net wrote:
[snip]
And in fact there always has been
On 02/24/2009 03:35 PM, ow...@netptc.net wrote:
[snip]
Ron et al
Actually this was the case with the DES; the NSA put out a RFP and
worked with the potential vendors quite closely during the
development. IBM (Tuchman and Myers) eventually won the bid. I
attended a week-long security seminar
On 02/23/2009 01:28 AM, Jordi Gutiérrez Hermoso wrote:
2009/2/21 Javier javu...@gmail.com:
I'm actually using encfs to protect my sensitive data,
Eh...
http://xkcd.com/538/
That's known as Rubber Hose Decryption.
--
Ron Johnson, Jr.
Jefferson LA USA
The feeling of disgust at
Ron Johnson escribió:
On 02/23/2009 01:28 AM, Jordi Gutiérrez Hermoso wrote:
2009/2/21 Javier javu...@gmail.com:
I'm actually using encfs to protect my sensitive data,
Eh...
http://xkcd.com/538/
That's known as Rubber Hose Decryption.
Oh yes, but if he had the chance to scape,
Jeff Soules escribió:
Hi Javier,
Thank you for your reply. Given the hypothetical (but all too
possible) situation you describe, there are different considerations.
Now imagine the worst situation, that a friend wants to protect his data
from his corrupt dictatorial government
Jeff Soules wrote:
...
The most intrusive attacks, where an attacker has complete control of
the user's machine (and can therefor modify EncFS, or FUSE, or the
kernel itself) are not guarded against. Do not assume that encrypted
files will protect your sensitive data if you enter your
2009/2/23 Javier javu...@gmail.com:
The main point here is: if he is lucky enough, no police would enter
into his house.
Since this has become a tinfoil hat thread more than an encryption thread...
My own personal solution to the problem has been this: my hard drive
decryption password is 25
On 02/23/2009 09:26 AM, Javier wrote:
Ron Johnson escribió:
On 02/23/2009 01:28 AM, Jordi Gutiérrez Hermoso wrote:
2009/2/21 Javier javu...@gmail.com:
I'm actually using encfs to protect my sensitive data,
Eh...
http://xkcd.com/538/
That's known as Rubber Hose Decryption.
Oh yes,
On Sun, 22 Feb 2009 20:10:57 -0600
Ron Johnson ron.l.john...@cox.net wrote:
On 02/22/2009 07:03 PM, Javier wrote:
...
And which is better, Blowfish or AES?
AES.
Source? Wikipedia just says:
Blowfish provides a good encryption rate in software and no effective
cryptanalysis of it has
On Mon, 23 Feb 2009 00:06:02 -0500
Jeff Soules sou...@gmail.com wrote:
Hi Javier,
Thank you for your reply. Given the hypothetical (but all too
possible) situation you describe, there are different considerations.
Now imagine the worst situation, that a friend wants to protect his data
Ron Johnson escribió:
On 02/23/2009 09:26 AM, Javier wrote:
Ron Johnson escribió:
On 02/23/2009 01:28 AM, Jordi Gutiérrez Hermoso wrote:
2009/2/21 Javier javu...@gmail.com:
I'm actually using encfs to protect my sensitive data,
Eh...
http://xkcd.com/538/
That's known as Rubber Hose
Jordi Gutiérrez Hermoso escribió:
2009/2/23 Javier javu...@gmail.com:
The main point here is: if he is lucky enough, no police would enter
into his house.
Since this has become a tinfoil hat thread more than an encryption thread...
My own personal solution to the problem has been this: my
On Mon, Feb 23, 2009 at 02:34:26PM EST, Ron Johnson wrote:
Given enough time, and resources, *nothing* is untouchable. It's just
a matter of whether They think that the time-effort is worth being
spent on *you*.
Like, twenty times the estimated life of the universe.. a thousand times
its mass
Original Message
From: javu...@gmail.com
To: debian-user@lists.debian.org
Subject: Re: How to protect an encrypted file system for off-line
attack?
Date: Mon, 23 Feb 2009 23:53:27 +0100
Ron Johnson escribió:
On 02/23/2009 09:26 AM, Javier wrote:
Ron Johnson escribió:
On 02/23/2009
On 02/23/2009 06:12 PM, Chris Jones wrote:
On Mon, Feb 23, 2009 at 02:34:26PM EST, Ron Johnson wrote:
Given enough time, and resources, *nothing* is untouchable. It's just
a matter of whether They think that the time-effort is worth being
spent on *you*.
Like, twenty times the estimated life
On 02/23/2009 02:43 PM, Celejar wrote:
On Sun, 22 Feb 2009 20:10:57 -0600
Ron Johnson ron.l.john...@cox.net wrote:
On 02/22/2009 07:03 PM, Javier wrote:
...
And which is better, Blowfish or AES?
AES.
Source? Wikipedia just says:
Blowfish provides a good encryption rate in software and
On Tue, 24 Feb 2009 00:10:54 +0100
Javier javu...@gmail.com wrote:
...
I've discovered that the program apg is very nice, it can produce
lengthy but pronounceable pass phrases like these (40 readable chars,
probably equivalent to a 256bit random one):
Or pwgen.
Celejar
--
On Mon, 23 Feb 2009 18:59:56 -0600
Ron Johnson ron.l.john...@cox.net wrote:
On 02/23/2009 02:43 PM, Celejar wrote:
On Sun, 22 Feb 2009 20:10:57 -0600
Ron Johnson ron.l.john...@cox.net wrote:
On 02/22/2009 07:03 PM, Javier wrote:
...
And which is better, Blowfish or AES?
AES.
On 02/23/2009 07:12 PM, Celejar wrote:
[snip]
But it's not a concern for full 16-round Blowfish, so is that really
a problem?
There is no effective cryptanalysis on the full-round version of
Where there's smoke, there might be fire.
[snip]
So as I said, anything wrong with Twofish?
ow...@netptc.net escribió:
Original Message
From: javu...@gmail.com
To: debian-user@lists.debian.org
Subject: Re: How to protect an encrypted file system for off-line
attack?
Date: Mon, 23 Feb 2009 23:53:27 +0100
Ron Johnson escribió:
On 02/23/2009 09:26 AM, Javier wrote:
Ron
Ron Johnson escribió:
On 02/23/2009 06:12 PM, Chris Jones wrote:
On Mon, Feb 23, 2009 at 02:34:26PM EST, Ron Johnson wrote:
Given enough time, and resources, *nothing* is untouchable. It's just
a matter of whether They think that the time-effort is worth being
spent on *you*.
Like, twenty
On 02/23/2009 08:43 PM, Javier wrote:
[snip]
As I also have read in the Wikipedia, it is reseonable to crack a 56bits
DES, a 64bits AES if you have online access to the machine, and probably
in the future it might be possible to crack a 128bits, even offline.
But, a 256 one? It seems
As Ron said, the problem you're describing is a little bit different
from the one the man page talks about.
The most intrusive attacks, where an attacker has complete control of
the user's machine (and can therefor modify EncFS, or FUSE, or the
kernel itself) are not guarded against. Do not
Jeff Soules escribió:
As Ron said, the problem you're describing is a little bit different
from the one the man page talks about.
The most intrusive attacks, where an attacker has complete control of
the user's machine (and can therefor modify EncFS, or FUSE, or the
kernel itself) are not
On 02/22/2009 07:03 PM, Javier wrote:
[snip]
Now imagine the worst situation, that a friend wants to protect his data
from his corrupt dictatorial government, and he doesn't want to directly
make the question here, because he is afraid.
From your name, we can reasonably narrow it down. I.e.,
Hi Javier,
Thank you for your reply. Given the hypothetical (but all too
possible) situation you describe, there are different considerations.
Now imagine the worst situation, that a friend wants to protect his data
from his corrupt dictatorial government
Absolutely a possibility. There are
2009/2/21 Javier javu...@gmail.com:
I'm actually using encfs to protect my sensitive data,
Eh...
http://xkcd.com/538/
- Jordi G. H.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Sorry for my ignorance in this respect, I hope you can help me.
I'm actually using encfs to protect my sensitive data, but this is what
is said in the manual:
The most intrusive attacks, where an attacker has complete control of
the user’s machine (and can therefor modify EncFS, or FUSE, or the
On 02/21/2009 10:16 AM, Javier wrote:
Sorry for my ignorance in this respect, I hope you can help me.
I'm actually using encfs to protect my sensitive data, but this is what
is said in the manual:
The most intrusive attacks, where an attacker has complete control of
the user’s machine (and can
52 matches
Mail list logo
