Re: AES HDD encryption was XOR
In the NBC TV episode of /Chuck/ a couple of weeks ago, the NSA cracked a 512-bit AES cipher on a flash drive trying every possible key. Could be hours, could be days. (Only minutes in TV land.)

http://www.nbc.com/Chuck/video/episodes/#vid=838461 (Chuck Versus The Fat Lady, 4th segment, at 26:19)

It's no wonder that folks are deluded, pop culture reinforces this.

No, this is simple to do. What you do is to start with a basic cracking engine. And then you add another one an hour later, and then an hour later add two, then add four the next hour and so on. If you assume that the first cracker can do 2^40 keys per second, then you're guaranteed to complete in 472 hours, which is only 20 days. And of course there's always the chance you'd do it in the first hour.

For those who doubt being able to double the cracking power, Moore's law proves this is possible. QED.

Jon

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]
On 8 Dec 2008, at 22:43, David G. Koontz wrote:

JOHN GALT wrote:

StealthMonger wrote:

This may help to explain the poor uptake of encrypted email.

It would be useful to know exactly what has been discovered. Can you provide references?

The iconic Paper explaining this is Why Johnny Can't Encrypt available here: http://portal.acm.org/citation.cfm?id=1251435

Available from the Authors: http://gaudior.net/alma/johnny.pdf

A later follow up (s/mime; more focus on the KDC): http://www.simson.net/clips/academic/2005.SOUPS.johnny2.pdf is IMHO more interesting - as it explores a more realistic hostile scenario, seems to pinpoint the core security issue better; and goes to some length to evaluate remedial steps. And it does show that a large swath of issues in PGP are indeed solvable/solved (now)

Thanks,

Dw
Re: Why the poor uptake of encrypted email?
On 8 Dec 2008, at 21:13, JOHN GALT wrote: The iconic Paper explaining this is Why Johnny Can't Encrypt available here: http://portal.acm.org/citation.cfm?id=1251435 Orlbaq gur Jul Wbuaal cncre - sbphfvat hcba hfnovyvgl - V guvax gurer vf n uvture ceboyrz bs vagrebcrenovyvgl naq vasbezngvba-npprff ng cynl urer. Gurer pna or ab npprff gb lbhe znvy jvgubhg hfr bs n pyvrag vs lbh ner hfvat pelcgbtencul - rira EBG13 - naq guvf nybar vf n ovt ceboyrz, orpnhfr zrqvngrq npprff gb lbhe r-znvy vf *ernyyl* cnvashy. Sbe fbzr 15 lrnef V hfrq zu/azu/rkzu (ynggreyl jvgu srgpuznvy), gura zbirq gb Znvy.ncc, erpragyl gevrq Guhaqreoveq sbe n srj zbaguf, naq nz er-pbafvqrevat azu sbe ybat-grez nepuvivat bs r-znvy. V nyfb hfr zl vCbq, guerr yncgbcf jvgu inelvat fcrpvrf bs Havk, naq n 3T cubar gb npprff r-znvy. Bppnfvbanyyl V fgvyy pbcl fghss bhg bs /ine/znvy/. V jbhyq unir fhssrerq vzzrafryl jrer V erdhverq gb hfr n cnegvphyne pelcgb-ranoyrq pyvrag gb qrny jvgu zl r-znvy ng rnpu fgntr, be jrer V erdhverq gb hfr uvfgbevpny pelcgb-pyvragf gb npprff byqre znvyf. Nalbar jubfr pbyyrtr gurfvf vf va JbeqCresrpg ba n 5.25 sybccl ng gur onpx bs n pybfrg fbzrjurer, fubhyq haqrefgnaq guvf ceboyrz. Gb guvf qnl Cebwrpg Thgraoret hfrf syng NFPVV nf n ybjrfg pbzzba qrabzvangbe sbezng, naq fvzvyneyl V arrq zl r-znvy va gur fvzcyrfg sbez fb gung V pna terc vg, crey vg, dhbgr vg naq frnepu vg. Fb jul unf rapelcgrq r-znvy snvyrq? V fhfcrpg gung fgngvp qngn rapelcgvba eribygf ntnvafg gur angher bs crefbany pbzzhavpngvba naq gur arrqf bs crefbany vasbezngvba er-hfr. Sbe pbzcnevfba, pbafvqre gur pbairetrapr bs vafgnag zrffntvat naq r- znvy - gurl ner orpbzvat rire zber nyvxr, ohg gur sbezre zbfgyl eryvrf hcba raq gb raq genafcbeg frphevgl, bsgra nffhzvat gung gur cevinpl bs ybtf ng rvgure raq ner ng gur juvz bs *gung* hfre. 
Sbe fbzr ernfba guvf jbexf engure jryy; nf frphevgl trrxf jr pbzcynva nobhg vg, ohg gurer unir orra znal gvzrf jura Fxlcr unf onvyrq zr bhg bs gebhoyr jvgu vgf novyvgl gb qevyy guebhtu nyzbfg nalguvat naq cebivqr zr jvgu zrffntvat naq svyr-genafsre. Fvzvyneyl NVZ, Wnoore, TPung - nyy bs juvpu V unccvyl eha jvgu BGE - tvir zr arprffnel zbfgyl-frpher pbzzhavpngvba. Va gur jbeyq bs r-znvy gur ceboyrz vf gung gur raq-hfre vaurevgf n oybo bs qngn juvpu jnf rapelcgrq va beqre gb qrsraq gur zrffntr nf vg cnffrf ubc ol ubc bire gur fgber-naq-sbejneq FZGC-erynl (be HHPC?) r- znvy argjbex... ohg gur hfre vf yrsg gb qrny jvgu gur rssrpgf bs fbyivat gur *genafcbeg* frphevgl ceboyrz. Gur zbqry vf byq. Vg vf ohfgrq. Vg vf (gbqnl) jebat. Vg'f yvxr beqrevat ybofgre ovfdhr, naq univat n yvir ybofgre ghea hc ng lbhe gnoyr; jung lbh jnag vf va gurer - urnivyl nezberq - naq lrf lbh pna eraqre jung lbh erprvir vagb jung lbh npghnyyl qrfver; OHG vg'f zrffl naq lbh'er ernyyl fghpx hayrff lbh unir n zbhyv, n fnhprcna naq n fznyy CTC ubgcyngr ng unaq. Naq bs pbhefr lbh unir gb nepuvir pbcvrf bs gur ybofgre, abg gur fbhc. F/ZVZR naq vgf oergurera rkvfg gb fvzhygnarbhfyl nqqerff gur frphevgl bs qngn va zbgvba naq qngn ng erfg - ohg crbcyr qba'g jnag gur ynggre va gur sbez gung vg cebivqrf, orpnhfr vg vauvovgf vagrebcrenovyvgl naq hfnovyvgl ng n yriry nobir gur guvf fbsgjner fhpxf znggre... Naq vs gur qngn va zbgvba raq gb raq frphevgl vffhr vf orvat nqqerffrq ol guvatf yvxr VZ/BGE naq Fxlcr, gura creuncf frpher r- znvy jvyy fbba tb gur jnl bs Gryarg naq SGC?

- nyrp

ps: if you are stuck, try www.rot13.com
Re: The next time someone tells you no one would do something...
Perry E. Metzger [EMAIL PROTECTED] writes:

Summary: shops in Vietnam removing the baseband chip on iPhone motherboards to reprogram and unlock them.

From someone who knows about these things: They got this a little wrong -- he's actually removing the stacked die NOR/PSRAM, erasing and reprogramming to a version that is vulnerable to the SIM proxy attack. It's not really any big deal.

Peter.
Re: Why the poor uptake of encrypted email?
Alec Muffett wrote:

Naq bs pbhefr lbh unir gb nepuvir pbcvrf bs gur ybofgre, abg gur fbhc.

If we still had finger-plans, this would have made its way into mine. What a great quote!

/ji

PS: For the rot13-impaired, it reads And of course you have to archive copies of the lobster, not the soup.
Re: AES HDD encryption was XOR
On Mon, Dec 08, 2008 at 08:53:18PM -0800, Jon Callas wrote:

In the NBC TV episode of /Chuck/ a couple of weeks ago, the NSA cracked a 512-bit AES cipher on a flash drive trying every possible key. Could be hours, could be days. (Only minutes in TV land.)

http://www.nbc.com/Chuck/video/episodes/#vid=838461 (Chuck Versus The Fat Lady, 4th segment, at 26:19)

It's no wonder that folks are deluded, pop culture reinforces this.

No, this is simple to do. What you do is to start with a basic cracking engine. And then you add another one an hour later, and then an hour later add two, then add four the next hour and so on. If you assume that the first cracker can do 2^40 keys per second, then you're guaranteed to complete in 472 hours, which is only 20 days. And of course there's always the chance you'd do it in the first hour.

For those who doubt being able to double the cracking power, Moore's law proves this is possible.

In the well-known Indian fable, the King was bankrupted by doubling grains of rice on a 64-square chess-board. Back in the USSR, every school-child learned this fable. Oh, and chess was pretty popular too...

The fact that the fable refutes the *sustainability* of Moore's law seems to be under-appreciated on this side of the Iron-curtain. It is not a question of whether, but rather when the departure from Moore's law will take place. The computing power of the microprocessor is still under 32 powers of 2 from its inception, naive extrapolation to the next 32 powers of 2 is unwise.

-- Viktor.
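The hourly-doubling schedule discussed in this thread can be worked through with exact integers; the following is an added example, not part of any of the original messages. It takes the thread's figures literally (a first engine at 2^40 keys per second, engine count doubling each hour) and uses the reply's "32 powers of 2" as the growth observed so far; the function names are made up for this illustration.

```python
"""Added illustration: cost of the hourly-doubling brute-force schedule."""

SECONDS_PER_HOUR = 3600


def doubling_schedule(key_bits, first_engine_keys_per_sec=2**40):
    """Return (hours, doublings) needed to try every key of `key_bits` bits.

    Hour 1 runs a single engine; the engine count doubles at the start of
    every following hour. `doublings` is how many times the cracking
    capacity had to double before the keyspace was exhausted.
    """
    keyspace = 2**key_bits
    keys_per_engine_hour = first_engine_keys_per_sec * SECONDS_PER_HOUR
    engines, tried, hours = 1, 0, 0
    while tried < keyspace:
        tried += engines * keys_per_engine_hour
        hours += 1
        if tried < keyspace:
            engines *= 2  # capacity doubles for the next hour
    return hours, engines.bit_length() - 1


def report(key_sizes=(128, 256, 512), observed_doublings=32):
    """Rows of (key_bits, hours, doublings, doublings beyond those observed).

    observed_doublings=32 is the upper bound quoted in the thread for
    microprocessor growth since its inception (an input, not a measurement).
    """
    rows = []
    for bits in key_sizes:
        hours, doublings = doubling_schedule(bits)
        rows.append((bits, hours, doublings, doublings - observed_doublings))
    return rows


if __name__ == "__main__":
    for bits, hours, doublings, beyond in report():
        print(f"{bits}-bit key: {hours} hours, {doublings} capacity doublings "
              f"({beyond} more than the 32 observed so far)")
```

The wall-clock time stays small because it grows only linearly with key length; the cost sits in the number of capacity doublings, which is what the chess-board fable in the reply is about.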