Help ATS with a contribution via PayPal:
learn more

Strong Encryption

page: 1
2

log in

join

posted on Sep, 21 2013 @ 01:53 AM
link   
in another thread, crypto was mentioned and with some of the recent news items i thought it may be wise
to touch on crypto and get a good thread going on it.

www.schneier.com...

so, the "math" is still strong...


for symmetrical crypto:

at least 256 with SHA512

asymmetrical (GPG)
you want at least a 2048 key 3072 may be something we should be considering now. and use DSA and ElGamal.

truecrupt has a "cascade" option when your creating a VOL, which is encrypt with 3 algorithms and SHA512.

Ghostinshell




posted on Sep, 21 2013 @ 02:22 AM
link   
reply to post by Ghostinshell
 


Two little things I saw with my very own eyes:

1. "The Bowling Alley" - could decrypt anything in less than ten seconds. 1990's technology.
2. An AT&T telephone that was absolutely secure when communicating with another phone of that model line. There were some very upset intel folks.



posted on Sep, 21 2013 @ 02:22 AM
link   


truecrupt has a "cascade" option when your creating a VOL, which is encrypt with 3 algorithms and SHA512.
reply to post by Ghostinshell
 


The most critical aspect of TrueCrypt is that it is open source. That means that the three letter agencies have not put in a back door. You can have all the strength in the world but if a backdoor is there you are gone.

P



posted on Sep, 21 2013 @ 03:19 AM
link   
reply to post by pheonix358
 


A backdoor does not have to be some injected clandestine code. It can be in the mathematical architecture used, a fundamental weakness or predictive relationship that no one has figured out as yet, but someone knows what it is.



posted on Sep, 21 2013 @ 04:13 AM
link   

charlyv
reply to post by pheonix358
 


A backdoor does not have to be some injected clandestine code. It can be in the mathematical architecture used, a fundamental weakness or predictive relationship that no one has figured out as yet, but someone knows what it is.


I completely agree, yet that is the nature of the beast. For every new law that is passes the encryption community comes up with a solution, sometimes very amusing ones. The US government passed laws on export of encryption that if I remember, stopped PGP from being exported. The Law was flawed. The program was printed out and legally left the country since no one thought of it being carried out in paper format.

The UK brought in draconian laws which were made fairly redundant by hidden containers and so it goes on.

The good guys are pretty damn good, quick to provide alerts of weaknesses. I will say that they are winning and have been for a while.

To have a weakness as you suggest is why TrueCrypt uses a cascade of methods. You have to defeat all three and that is near to impossible.

P



posted on Sep, 21 2013 @ 05:36 AM
link   
"near to impossible" Don't we know the ramifications in that statement!

As we are all bozo's on this bus, there will always be someone that will add 1 to a googolplex.

Perhaps the only place we are safe is in the bathroom.
edit on 21-9-2013 by charlyv because: to early to spell right



posted on Sep, 22 2013 @ 01:53 PM
link   
with all the password cracking software thats out and about, it would not surprise me if there is some pretty crazy parallel crypto cracking software running on super computers. but, thats very expensive my guess is
veryus "side" or MTM types of attacks are used instead.

like, someone uses 4096 key, so you key log them, or get the root CA for the sites there logging into so you can see
there SSL traffic.... then you can capture all the login info...



posted on Oct, 22 2013 @ 04:39 AM
link   
The actual math is some cases has been perverted.

inagist.com...

www.nytimes.com...



posted on Oct, 22 2013 @ 04:39 AM
link   
delete
edit on 10/22/2013 by staple because: (no reason given)



posted on Oct, 22 2013 @ 04:42 AM
link   
reply to post by charlyv
 


Actually it is the kitchen. Turn on the microwave and the water faucet. Speak softly. Kills most eavesdropping.



posted on Nov, 7 2013 @ 01:18 PM
link   
I would stay away from cascade. The more complex a security system the more vulnerable it can be. I would also go with an algorithm that is not widely used. The one that is most used will be the one most targeted. I would be dumbfounded if the CIA and the NSA could not crack AES. IMHO it is theoretically possible with a system that is already in place. I wont give any details but I would steer clear of it. However, I am not worried about the CIA or the NSA for that matter there's not really anything they would want with me, and I do not make a habit of visiting Islamic websites. If you know what I mean.



posted on Nov, 7 2013 @ 03:11 PM
link   

Pimpintology
I would stay away from cascade. The more complex a security system the more vulnerable it can be. I would also go with an algorithm that is not widely used. The one that is most used will be the one most targeted. I would be dumbfounded if the CIA and the NSA could not crack AES. IMHO it is theoretically possible with a system that is already in place. I wont give any details but I would steer clear of it. However, I am not worried about the CIA or the NSA for that matter there's not really anything they would want with me, and I do not make a habit of visiting Islamic websites. If you know what I mean.


while thats true, eg more complexity is not a good thing; but the truecrypt docs:
www.truecrypt.org...

gives you some options. as long as the encryption process is correct, even tho internally there is a shared key
the actual ciphertext theoretically should be stronger. but hey i am not a cryptologist....






top topics



 
2

log in

join