nce of Secret Writing: The Science of Secret Writing. Dover
> > Publications. pp. 81. ISBN 0-486-20247-X.
> >
> > Stu
> >
> > On 18 Jun 2010 at 2:00, Pavel Kankovsky wrote:
> >
> > Date sent: Fri, 18 Jun 2010 02:00:48 +0200 (CEST)
> > From:
Kankovsky
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Introducing TGP...
>
>> On Mon, 14 Jun 2010, lsi wrote:
>>
>>> [...] cracking some files protected by ancient crypto.
>>
>> Ancient crypto? Five or
ns. pp. 81. ISBN 0-486-20247-X.
Stu
On 18 Jun 2010 at 2:00, Pavel Kankovsky wrote:
Date sent: Fri, 18 Jun 2010 02:00:48 +0200 (CEST)
From: Pavel Kankovsky
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Introducing
On Mon, 14 Jun 2010, lsi wrote:
> [...] cracking some files protected by ancient crypto.
Ancient crypto? Five or so years ago I met a "big business" application
using an encryption algorithm based on the Vigenere cipher (you know,
that 450 year old thing *not* invented by Blaise de Vigenere). :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 16 Jun 2010 22:23:04 +
"Thor (Hammer of God)" wrote:
> > You're using a 1024 bit key here which seems a bit gutsy ;-)
> >
> > Without better attacks, you basically have:
> >
> > Brute force AES 256 -> O(2^256)
> > Brute force your 20 ch
> > You're using a 1024 bit key here which seems a bit gutsy ;-)
> >
> > Without better attacks, you basically have:
> >
> > Brute force AES 256 -> O(2^256)
> > Brute force your 20 char password -> roughly O(2^(20*7)) == O(2^140)
> > Factor your 1024 bit public modulus -> roughly O(2^80)
> >
> > Si
> You're using a 1024 bit key here which seems a bit gutsy ;-)
>
> Without better attacks, you basically have:
>
> Brute force AES 256 -> O(2^256)
> Brute force your 20 char password -> roughly O(2^(20*7)) == O(2^140)
> Factor your 1024 bit public modulus -> roughly O(2^80)
>
> Since a 768 bit R
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 14 Jun 2010 09:52:12 -0700
"Thor (Hammer Of God)" wrote:
> You don't think I considered it? Really? You think that I would go
> through the trouble of designing and implementing a standards based
> encryption application without considerin
>> The SHA256 hashing of the private key may not result in authenticity
>> assurances on the key (if I'm reading it correctly). I believe that's
>> an Authenticate-then-Encrypt scheme, and the details of the
>> interactions in AtE can be tricky.
>
>I had an opportunity to sleep on this, so here's my
Hi Thor,
This is focused less on the fact that message m is a private key, and
more on good crypto and how to encrypt/authenticate a message m in
general.
> The SHA256 hashing of the private key may not result in authenticity
> assurances on the key (if I'm reading it correctly). I believe that's
osure@lists.grok.org.uk
> > Subject: Re: [Full-disclosure] Introducing TGP...
> >
> > Hi Timothy
> > >
> > > TGP - "Thor's Godly Privacy"
> > >
> > > 06/13/10 v1.1.06
> > >
> > First of all you should k
Hi Timothy
>
> TGP – “Thor’s Godly Privacy”
>
> 06/13/10 v1.1.06
>
> it does things a bit differently – differently in a way that can
> change the way you work with your encrypted data. At the simplest
> level, this is done by encrypting data into byte arrays, and then
> converting those byte array
ail.com [mailto:mike.vasq...@gmail.com] On Behalf Of
Michael Neal Vasquez
Sent: Monday, June 14, 2010 4:39 PM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk"
Subject: Re: [Full-disclosure] Introducing TGP...
Why send it to a public forum/blog/email list, etc. When you could email it to
Why send it to a public forum/blog/email list, etc. When you could email it
to yourself, mitigating some of Stu's concerns, yet still making it
available to yourself...
Additionally, you're adding less traffic (a tiny bit less, true, but
less...)
Send it to multiple email accounts if you're worrie
Hey Nid -
> -Original Message-
> From: Nid [mailto:nidfulld...@googlemail.com]
> Sent: Monday, June 14, 2010 11:18 AM
> To: Thor (Hammer of God)
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Introducing TGP...
>
> Hi Timothy
> >
e-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi
Sent: Monday, June 14, 2010 12:08 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Introducing TGP...
On 14 Jun 2010 at 9:52, Thor (Hammer Of God) wrote:
> You don't think I consi
Well, we all know it's a bad netiquette to throw up images without a
fair comparison, so let me do that of/for you:
http://trailsauce.com/wp-content/uploads/2010/01/monkey-butt.jpg
Think the author just couldn't take the photo with a straight face.
On Mon, Jun 14, 2010 at 9:50 PM, musnt live wr
Of you? Please no! I've seen better camels at my uncles! No more play
with you fugly nerdboy. You not even man yet, still baby
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by
Oh don't tell me you're an Open Source guy (oops...gal)?!
On Mon, Jun 14, 2010 at 9:38 PM, musnt live wrote:
> On Mon, Jun 14, 2010 at 3:34 PM, Christian Sciberras
> wrote:
>> I'm starting to wonder how much our local list court jester is being
>> paid for -his- (oh I'm sorry) her perform
On Mon, Jun 14, 2010 at 3:34 PM, Christian Sciberras wrote:
> I'm starting to wonder how much our local list court jester is being
> paid for -his- (oh I'm sorry) her performance.
>
Can you care to clarify to elaborate for us? Is there be a service for
which to pay?
_
I'm starting to wonder how much our local list court jester is being
paid for -his- (oh I'm sorry) her performance.
On Mon, Jun 14, 2010 at 9:25 PM, musnt live wrote:
> On Mon, Jun 14, 2010 at 3:07 PM, lsi wrote:
>
>> It doesn't differ from SSL, which also could be captured and
>> eventual
On Mon, Jun 14, 2010 at 3:07 PM, lsi wrote:
> It doesn't differ from SSL, which also could be captured and
> eventually cracked.
Hello FD, I'd like to warn you about a vulnerability in pointing out
the obvious:
“People all over the world will have to purchase a new calendar within
the next twe
On 14 Jun 2010 at 9:52, Thor (Hammer Of God) wrote:
> You don't think I considered it? Really? You think that I would go
> through the trouble of designing and implementing a standards based
> encryption application without considering that it could be cracked?
The USG put a lot more into DES,
You don't think I considered it? Really? You think that I would go
through the trouble of designing and implementing a standards based
encryption application without considering that it could be cracked?
You are incorrect. I certainly considered it. I just know that when
brute forcing AES256
On 14 Jun 2010 at 11:51, valdis.kletni...@vt.edu wrote:
> > > Ancient crypto? You really have no effing clue, do you?
> >
> > Whatever you use today, it will be ancient in 5 years.
>
> PGP came out when? 1991. Will be a quarter century old in 5 years.
DES is the first example I can think of.
I don't get it - in 5 years his iPhone will crack RSA2048 while
listening to Iron Butterfly yet all the PCs in the world won't be able
to handle AV.
It's evident that I should consult him, particularly when it comes to
recommending what "hash" I should use :D
T
On Jun 14, 2010, at 8:51 AM,
On Mon, 14 Jun 2010 16:21:37 BST, lsi said:
> > Ancient crypto? You really have no effing clue, do you?
>
> Whatever you use today, it will be ancient in 5 years.
PGP came out when? 1991. Will be a quarter century old in 5 years.
AES came out when? Standardized in 2001 after a 5-year process b
The source of the decryptor? Everything you would possibly need to
know is right there in the read me. I'm confused why you would ask
for that, unless of course you didn't bother reading it, opting
instead to make immediate assumptions of how it is insecure.
And I think you misunderstand (
> Ancient crypto? You really have no effing clue, do you?
Whatever you use today, it will be ancient in 5 years.
> why not start cracking it now
May I have source for the decryptor?
> do something that would actually be useful
Just lending a clue, always a pleasure! I been there done that
I must have written it poorly. I never use the hash for authN, only to
make any tampering with keys evident. I'm not sure it is a requirement
(pgp doesn't even bother making these checks) but I wanted to be extra
careful :)
On Jun 14, 2010, at 1:22 AM, Jeffrey Walton wrote:
> Hi Thor,
>
full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
>boun...@lists.grok.org.uk] On Behalf Of lsi
>Sent: Monday, June 14, 2010 3:48 AM
>To: full-disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] Introducing TGP...
>
>On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote:
>
> The basic flaw, to me, seems to be your erroneous assumption that the
> enemy has symmetric compute capability to yourself. Once you give
> the enemy a copy of your data, even if it is encrypted, you are
> opening the door to them using some hyper-core, quantum-cooled super-
> fandango against y
On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote:
> >> create a private key with a strong password, post that, and then, say,
> >> encrypt a scan of your passport and post that.
> >
> >So, I think this is a dumb idea... :)
The basic flaw, to me, seems to be your erroneous assumption that the
e
> No, only Windows machines will be grinding to a halt. OTOH, my sleek
> unix boxen will be whizzing along nicely
You wish...
On Mon, Jun 14, 2010 at 12:47 PM, lsi wrote:
> On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote:
>
>> >> create a private key with a strong password, post that, an
On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote:
> >> create a private key with a strong password, post that, and then, say,
> >> encrypt a scan of your passport and post that.
> >
> >So, I think this is a dumb idea... :)
> >
> >You might think your crypto is secure right now, but in 5 years th
Hi Thor,
I'm probably splitting too fine a hair here...
The SHA256 hashing of the private key may not result in authenticity
assurances on the key (if I'm reading it correctly). I believe that's
an Authenticate-then-Encrypt scheme, and the details of the
interactions in AtE can be tricky. Hugo Kra
This is what I've been talking about... Here is the first part of the docs I
wrote up - make sure you see that I'm not yet supporting huge files unless you
have huge RAM. **.Net 4.0 Client profile is required to run this.**
Right now the install bits are only available on the pilot site at:
ht
37 matches