[Chugalug] Is time for crypto for non-techies class?

Dave Brockman dave at brockmans.com
Tue Jun 11 22:07:37 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/11/2013 5:47 PM, Stephen Kraus wrote:
> Also: I think it's pretty foolish to assume that every
> encryption crack was simply a matter of brute forcing a password or
> using rainbow tables.

I'm not sure I'm following.  If the crypto algorithms are solid, then
brute-force, or even educated-massaged force (à la rainbow tables) is
pretty much exactly what happens.

> The encryption on a system does not suddenly turn it into a
> one-time pad, if someone like the government decides it's worth
> breaking your encryption they are going to break it.

Clarifying, I think we are in agreement.  Given enough resources, time
and motivation, almost(?) all encryption is breakable.  And there are
lots of "clouds" with lots of resources in this world....

> Not to mention I know things like open source encryption has been
> highly examined by the NSA, after all they need to know what
> systems their adversaries might use and what systems might also be
> useful to them.

Funny thing about crypto is, you get too good with it, you end up
working for alphabet agencies....

> By the way, tinfoil hats, ECHELON was a real system. Not some
> massive government controlled AI (sorry conspiracy theorists) but
> it was real nonetheless.

Cold War Era tech for Satellite Intercepts of (former) USSR, no?

> Am I saying you shouldn't encrypt? Of course not, especially as
> the courts have determined encryption is protected by the Fifth
> Amendment, but just be aware it's safe to assume it's already
> compromised somehow

I wouldn't go quite that far.  But I think applying and educating
about the benefits of layering.  KeePass might be good enough for some
things.  KeePass on a TrueCrypt volume might be required for others.
A hidden TrueCrypt volume with key material from a random FLAC on my
thumb drive might be required for other information.  A hidden
TrueCrypt volume on a software-RAIDed encrypted volume built on
external flash drives, blah blah blah, you get my point.  They will
get it eventually, yes.  Is my data worth the effort?  Probably not.

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

-----END PGP SIGNATURE-----

