mailing list archives
Re: Introducing TGP...
From: "lsi" <stuart () cyberdelix net>
Date: Mon, 14 Jun 2010 20:07:34 +0100
On 14 Jun 2010 at 9:52, Thor (Hammer Of God) wrote:
You don't think I considered it? Really? You think that I would go
through the trouble of designing and implenting a standards based
encrytion application without considering that it could be cracked?
The USG put a lot more into DES, but that didn't save it.
You are incorrect. I certainly considered it. I just know that when
brute forcing AES256 becomes feasible, a scan of mynpssport will be
the last thing on anyone mind.
As the data is archived, an attacker can come back anytime, once they
have finished with the interesting stuff... ;)
How does this differ from SSL, and why do you think I would have to be
"live on the wire" to crack it?
It doesn't differ from SSL, which also could be captured and
If your entire argument is "it can be cracked at some point" then you
argue against *any* type of encrytion.
I'm saying security is an onion, and by posting your ciphertext you
are irreversibly removing several layers of it. Surely it's better
to keep the ciphertext inaccessible, this way an attacker has to get
access to it, in addition to cracking it.
stuart at () cyberdelix dot net - http://www.cyberdelix.net/
* Origin: lsi: revolution through evolution (192:168/0.2)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/