Message-Id: <E1hsVHe-000OTK-AK@smtpout12.dnsserver.eu>
Date: Tue, 30 Jul 2019 18:47:44 +0200
From: "Johny Krekan" <krekan@...nykrekan.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Question for experienced cryptographers

Thanks for your post. What hardware did you use in your test where you wanted to crack your hash?
Johny

>
>Eric Oyen eric.oyen@...il.com
>30. 7. 2019 03:51
>
>The fact of the matter is, AES with bit sizes greater than 256 is still the
>best encryption standard there is.
>As for the criminal enterprise involved:
>Well, they may have made it rather difficult, but there is no such thing as
>impossible.
>Rule 1: there is no such thing as absolute security
>Rule 2: if the same key and encryption gets used more than once, its chances
>of being cracked go up a lot. (One time pads are still the most secure methods)
>Rule 3: some types of encryption can be broken with the use of large cluster
>farms. Believe me, the NSA has one such up in Utah. Also, if there is any kind
>of access to the program sources, there might be a solution gained from that.
>Given the above, AES and 3DES are still the best methods to use.
>Unfortunately, those two methods have one glaring security hole, you have to
>share the key with your intended party and if you don’t have a way to securely
>share it and someone else gets hold of it, well, there goes your security.
>Now, RSA can use those two and because it uses a shared key system where there
>are two keys (public and private), you can share the public key with whomever
>you want. Only the intended recipient will be able to decrypt it, and they have
>to use their own local passphrase to do it. I know, I use it here myself and I
>have run JTR on one sample I created using 4096 bits encryption with a 2048 bit
>key-space. So far, after more than a year of steady cracking, JTR has yet to
>get it.
>Now, one rule of encryption is this: depending on the value of information over
>time, the longer it takes to crack, the lower the value of the information
>becomes. Information in today’s world has a shelf life, and it’s an even shorter
>one where criminals are concerned.
>So, if the police in the countries mentioned can’t crack it, they can always
>come to the NSA for help, or they can try the FSB in Russia. Either way, they
>will have to admit they are way outside their ability on this one.
>-Eric
>> On Jul 30, 2019, at 2:59 AM, Johny Krekan <krekan@...nykrekan.com> wrote:
>>
>> Hello, I would like to ask whether someone of you (for example
>> Solardesigner as a John author) could estimate what is the real security of
>> an application like Threema. The webpage states that encryption mechanism
>> used by this software should be secure enough and there is no chance for
>> people to break and decrypt communication between persons which are using
>> this software. What do you think what method could be used by agencies to
>> decrypt communication between criminals in Slovakia which are now being
>> judged in most watched process in this time? The news stated that
>> Threema was used to encode their communication and then the news stated
>> that the communication was successfully decrypted.
>> I am looking to see your opinions about the security of such software.
>> Nice day
>> Johny Krekan