[Chugalug] Is time for crypto for non-techies class?
dave at brockmans.com
Tue Jun 11 22:07:37 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 6/11/2013 5:47 PM, Stephen Kraus wrote:
> Also:the I think its pretty foolish to assume that every
> encryption crack was simply a matter of brute forcing a password or
> using rainbow tables.
I'm not sure I'm following. If the crypto algorithms are solid, then
brute-force, or even educated-massaged force (ala rainbow tables) is
pretty much exactly what happens.
The encryption on a system does not suddenly turn it into a
> one-time pad, if someone like the government decides its work
> breaking your encryption they are going to break it.
Clarifying, I think we are in agreement. Given enough resources, time
and motivation almost(?) all encryption is breakable. And there are
lots of "clouds" with lots of resources in this world....
> Not to mention I know things like open source encryption has been
> highly examined by the NSA, after all they need to know what
> systems their adversaries might use and what systems might also be
> useful to them.
Funny thing about crypto is, you get too good with it, you end up
working for alphabet agencies....
> By the way, tinfoil hats ECHELON was a real system. Not some
> massive government controlled AI (sorry conspiracy theorists) but
> it was real none the less.
Cold War Era tech for Satellite Intercepts of (former) USSR, no?
> Am I saying you shouldn't encrypt? Of course not, especially as
> the courts have determined encryption is protected by the Fifth
> Amendment, but just be aware its safe to assume its already
> compromised somehow
I wouldn't go quite that far. But I think applying and educating
about the benefits of layering. Keypass might be good enough for some
things. Keypass on a TrueCrypt volume might be required for others.
A hidden TrueCrypt volume with key material from a random FLAC on my
thumb drive might be required for other information. A hidden
truecrypt volume on a software raided encrypted volume built on
external flash drives, blah blah blah, you get my point. They will
get it eventually, yes. Is my data worth the effort, probably not.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the Chugalug