Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f4a1c338bf6ef8109daea0d1a9e77429@smtp.hushmail.com>
Date: Sun, 29 Mar 2020 14:34:17 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Two security-related questions

On 2020-03-29 12:42, Johny Krekan wrote:
> 1. If you could choose - which archiver to choose to securely encrypt 
> files which one you would choose (7zip or rar).

With a sufficiently good passphrase, I believe they are both just fine.

> 2. If I use standard AES library and write mi own small program to 
> encrypt data for example file, so after encryption the person who gets 
> the file using illegal methods (for example by hacking in to the system) 
> but will not have my encryption tool, how hard it will be for this 
> person to decrypt the encrypted file?

Using known good components like AES for encryption (using some suitable 
cipher mode) and PBKDF2 for key stretching (with sufficient parameters), 
the fact you wrote your own program or not shouldn't count.

> Chosen password will be for example 12 character password like for 
> example !141BCDeg9aa

You did not mention a KDF. AES uses a 128-bit or larger key. If you 
generate it properly (i.e. using a good KDF) it can't be brute-forced, 
so you'd instead brute-force the input to the KDF in hope it's a weak 
password.

An example of a (very) poor KDF would be to use your password directly, 
null-padded to 128 bits, as the AES key. Not only would it be easy (in 
terms of p/s) to brute-force your password, the generated key would be 
so very weak you could actually brute-force that instead (well it'd be 
more or less the same thing).

A good KDF is, for example, PBKDF2-HMAC-SHA256 using hundreds of 
thousands of iterations. The AES key it would produce is random-looking, 
so there's no point trying to brute-force that. Instead I'd try to 
brute-force your password, but I'd get a low p/s due to the KDF. If you 
produced your password by "randomly" hitting keys on your keyboard, 
chances are it ended up much less random than you think and our 
incremental mode just might find it early enough. If you used a good 
password generator to produce random printable ASCII of length 12, I'd 
say (for all practical/civil purposes) it's uncrackable: The keyspace is 
95 to the power of 12. If I can BF it with 32K p/s it would take 
hundreds of *billions* of years. If I'm a very powerful attacker 
possessing thousands of GPUs, it'd still take hundreds of *millions* of 
years. Heck, even if I have hundreds of millions of GPUs, it'd still 
take *thousands* of years.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.