John Viega is probably one of the leading authorities on the vulnerabilities 
regarding SSL.  I used to have his book (signed of course), but that's another 
story.  For those who may be interested, 

http://www.infibeam.com/Books/info/John-Viega/Network-Security-with-Open-SSL/059600270X.html

It's an O'Rielly.

t




________________________________
From: Lisa Kachold <lisakach...@obnosis.com>
To: gm5...@gmail.com; Main PLUG discussion list 
<plug-discuss@lists.plug.phoenix.az.us>
Sent: Mon, June 21, 2010 7:23:49 PM
Subject: Re: Crackabiltiy of OpenSSL, GPG, bcrypt and scrypt




On Wed, Jun 9, 2010 at 7:36 AM, gk <gm5...@gmail.com> wrote:

>I hope I am making an apples to apples comparison.
>
>>I'm not talking about Debian's mess up awhile back. Nor am I talking about 
>>something that was flying around Debian's mailing list for OpenSSL, 
>>FUSE/ENCFS and AES ciphers.
>
>
>>I'm talking overall. Which is the most stable, has the highest probability of 
>>not be broken in our lifetimes (20 yrs). Mainly I'm trying to center in on 
>>file management, not email. GPG is good for email, but I find that using 
>>OpenSSL is actually easier because it is by default installed on *nix boxen, 
>>AND is VERY VERY easily installed on M$ products compared to the massive 
>>hoops that have to be done for GPG on the later that even a well versed Linux 
>>user would be pressed to install right.
>
>>scrypt claims it is much more difficult in its derivations than bcrypt which 
>>is 448 bit Blowfish. Thereby saying it is harder to "crack". However, I can 
>>not find anything on scrypt that says what type of encryption method it uses 
>>much less bit value.
>
>>So if you had a face off between OpenSSL, GPG and scrypt for file encryption. 
>>Let me say bcrypt has some funky responses once in a while to extra large 
>>files, ie > 4gb. Which to use?
>
>
>>gk
>
>>-- 
>>Remember, it's not that we have something to hide; it's that we have nothing 
>>to show.
>
>>--Keep tunneling.
>
I would have to take the openssl road here!

Of course, maintaining the most recent stable version and upgrading when 
security issues are found are required of all code or systems tools management.

We are not even going to begin to discuss that entropy remains broken.  

-- 
Office: (480)307-8707
AT&T: (503)754-4452 


      
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Reply via email to