Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Introducing TGP...
From: "lsi" <stuart () cyberdelix net>
Date: Mon, 14 Jun 2010 11:47:42 +0100

On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote:

create a private key with a strong password, post that, and then, say,
encrypt a scan of your passport and post that.

So, I think this is a dumb idea... :)

You might think your crypto is secure right now, but in 5 years there might be
a big hole in it.  If copies of your passport are floating about on the net, you
can't even delete them, and certainly cannot prevent anyone using the new
crack against your old crypto.

Of course you think it's a dumb idea.  But according to you, in 3
years, all the computers in the world will screech to a grinding halt
because of what Symantec says are "new threats."   How can anyone use
the "new crack" when they can't turn their computers on?

No, only Windows machines will be grinding to a halt.  OTOH, my sleek 
unix boxen will be whizzing along nicely.... just waiting for some 
interesting work to do, such as cracking some files protected by 
ancient crypto.  

Even if nobody finds a weakness in the algorithm you used, 5 years 
from now I will probably have enough spare CPU to brute-force it 
using my mobile phone....

If you were posting docs with a shorter shelf-life there would be 
less danger.  But a passport is always useful.... 

If, of course you think I'm speaking tripe, go ahead and post it...

Here it is!  Go nuts.

That's too small to be a passport scan.

Timothy has developed and implemented networking and application
security solutions for institutions such as ... Microsoft .... Timothy
has been a columnist for Security FocusĀ“ Microsoft section, 



Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

 * Origin: lsi: revolution through evolution (192:168/0.2)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]