Re: [gentoo-user] loop-aes + extra-ciphers...

2008-06-25 Thread Jason Rivard
On Wed, Jun 25, 2008 at 9:24 PM, Sebastian Wiesner <[EMAIL PROTECTED]>
wrote:

> Chris Walters <[EMAIL PROTECTED]> at Wednesday 25 June 2008, 22:25:18
> > Are you a cryptology expert?
>
> Are you then?


I doubt that either of you is a cryptology expert. I've known a few, and I
am a crypto-expert who has worked for the government of the US.

>
> > The only thing that cryptography attempts to do is reduce the
> > **probability** of cracking the key and gaining access to the data as low
> > as possible.
>
> No news.  That's why cryptology defines "security" not as "being impossible
> to crack", but as "being sufficiently improbable to crack".  The only
> cipher that can't be "brute-forced" is the OTP, which is
> considered "perfectly secure".


There is no such thing as perfectly secure, but a cipher algorithm that
would take *all* the computers on Earth a year or more to crack is pretty
secure.

>
> > As for brute forcing a passphrase:  Since most implementations of AES
> > (Rijndael) use a hash of the passphrase to form the key, it amounts to
> > the same thing, in practice, as cracking the key.
>
> First of all, you can perform hard disk encryption _without_ a passphrase.
> You can store keyfiles on smart cards, usb sticks, etc.  In this case, you
> can generate a _truly random_ key.
>
> Using a passphrase is the most insecure approach, but still, with a
> sufficiently random passphrase, you can gain a level of security that even
> the NSA will find difficult to get around.
>
> The randomness of a 30-char passphrase does of course not come anywhere near
> the randomness of a 256-bit key, so there is a real chance that it can be
> guessed by brute force.  Still, it will take much CPU time, which is not
> endless, even for the NSA.


I don't think I can really comment on this, except to say that smart cards
and usb thumb drives are the way to go for security. As long as you can keep
control of the device.

>
> In such a case, the question is whether the data you enciphered is really
> worth the effort of putting a supercomputer to work for a long time to try
> every possible passphrase.


Mr. Walters' claim is not that they would put a single super-computer to
decrypting it, but a "network of supercomputers". I truly don't think you
have to worry about that occurring, unless you are deemed a danger to US
National Security. Even then, AES is very hard to crack. The major weakness
is the person who encrypts the data. Under questioning, most will give up
their keys.

>
> > Cryptology is, at least partly about finding the weakest link, because
> > that is what is likely to be attacked in any cryptosystem.
>
> Of course, absolutely true.  Hard disk encryption is far from perfect;
> just look at the cold boot attacks that gained public interest recently.
> But you didn't talk of _cryptosystems_ in your previous posts, you
> talked about _algorithms_.


By themselves algorithms are relatively useless. It is only the application
of those algorithms that make them useful. In this case, Mr. Walters pointed
out how *NOT* to apply cipher algorithms. Some of the ways, anyway.

>
> Summarizing, the modern ciphers themselves are secure, as there is mostly no
> way to crack them save a brute-force attack on the key.  On the other hand,
> cryptosystems built around these algorithms can of course contain
> weaknesses and holes, like weak passphrases, insecure key storage, etc.
>
> > The US Government only keeps classified information on non-networked
> > computers in secure environments, so the cipher used does not matter as
> > much as the other security measures taken to ensure that the data does
> > not fall into the wrong hands.
>
> Maybe.  I do not know which restrictions apply to US classified data; I
> only know about the official statements the US government made regarding
> the security of AES.


I can neither confirm nor deny Mr. Walters' statement. I will state that the
United States Government does, in fact, use ciphers to communicate with
Embassies, Military Camps and Bases abroad, and Naval vessels. That hardly
fits Mr. Walters' statement.

>
> > A final thought:  It is a fact that both the US Navy and the NSA are
> > *very* interested in cryptology and data security.  The NSA also does
> > have large networks of supercomputers that, using parallel, distributed
> > or concurrent computing principles can crack keys more quickly than you
> > may think.
>
> You can use simple mathematics to find out that even the largest
> supercomputers, having one petaflop, need millions of years to perform an
> exhaustive search through the AES key space.
>
> Anyway, you may believe what you want to believe; I'm just reflecting what
> real experts like Bruce Schneier have been saying for years:  It's wrong
> to trust in simple ciphers, but it's equally wrong to believe that
> anything can be broken.


It is equally wrong to believe that any cipher is immune to attack, but it
is not nearly as easy as Mr. Wa
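
The "simple mathematics" Sebastian refers to above, worked through as an added example (not code from anyone in this thread): expected brute-force time for a true AES key versus 30-character passphrases of decreasing randomness. The machine speed (one key trial per FLOP on a 1 PFLOP/s machine, which is far too generous to the attacker) and the ~11 bits per common dictionary word are assumptions, not figures from the thread.

```python
import math

# Assumed figures (not from the thread): a 1 PFLOP/s machine is credited
# with one AES key trial per floating-point op. A real AES-256 key
# schedule plus one block costs hundreds of ops, so these are lower bounds.
SECONDS_PER_YEAR = 365.25 * 24 * 3600
PETAFLOP = 1e15


def expected_search_years(entropy_bits: float, keys_per_second: float = PETAFLOP) -> float:
    """Expected years to brute-force a secret with `entropy_bits` of entropy.

    On average the right key turns up after half the space has been tried,
    so the expected work is 2**(bits - 1) trials. A network of machines
    simply raises keys_per_second; the formula is otherwise unchanged.
    """
    trials = 2.0 ** (entropy_bits - 1)
    return trials / keys_per_second / SECONDS_PER_YEAR


def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose `length` characters are chosen uniformly
    and independently from an alphabet of `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def compare(keys_per_second: float = PETAFLOP) -> dict:
    """Expected exhaustive-search time, in years, for the secrets discussed
    in the thread: a random 256-bit key, a random 128-bit key, and 30-char
    passphrases of decreasing randomness (plus a typical word-based one)."""
    cases = {
        "AES-256 random key": 256,
        "AES-128 random key": 128,
        "30 chars, 95 printable ASCII": passphrase_entropy_bits(30, 95),
        "30 chars, lowercase only": passphrase_entropy_bits(30, 26),
        # ~11 bits per word assumes a ~2000-word vocabulary (assumption).
        "four common words (~11 bits each)": 4 * 11,
    }
    return {name: expected_search_years(bits, keys_per_second)
            for name, bits in cases.items()}


if __name__ == "__main__":
    for name, years in compare().items():
        print(f"{name:40s} {years:12.3e} years")
```

The random 256-bit key comes out around 1e54 years and even the lowercase-only 30-character passphrase around 1e19, while the four-word passphrase falls in well under a second.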

[gentoo-user] Security of ciphers.

2008-06-25 Thread Jason Rivard
I've been reading this thread in the archives, on loop-aes and then the
security of AES. I hate to jump on the bandwagon, so before I do, I will
state that I *am* a crypto-expert, and have worked for several
government entities in the US. I am not at liberty to tell you which ones.

Mr. Walters:  It is not all that easy to crack a *secure* key with the
AES-256 cipher. This holds true, even with networks of super-computers. Just
how many of them do you think the NSA (you named it), has to spare for
things like that? Parallel and distributed computing does not help much with
AES, since it is a CBC cipher algorithm (look it up).

I think you need to do some research on the subject you say you're majoring
in, before you post on the topic, Mr. Walters.

Jase


Re: [gentoo-user] loop-aes + extra-ciphers...

2008-06-25 Thread Jason Rivard
On Wed, Jun 25, 2008 at 9:51 PM, Chris Walters <[EMAIL PROTECTED]> wrote:

> Alan McKinnon wrote:
>
>> Or perhaps you doubt that they can crack any keys at all...
>>
>> Don't get smart with me, jackass.
>
> Fuck off, shitehead.  Call me a jackass, when I simply state facts you
> admitted to?  You're a fucking idiot.  Welcome to my ignore list.
>

Now that was TOTALLY UNCALLED FOR! All he asked you to do is prove your
ludicrous statements about the NSA being able to crack any key in a "short"
amount of time. Wait for my private mail, Mr. Walters.

Jase