Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20200329171509.GB19621@fantomas.sk>
Date: Sun, 29 Mar 2020 19:15:09 +0200
From: Matus UHLAR - fantomas <uhlar@...tomas.sk>
To: john-users@...ts.openwall.com
Subject: Re: Two security-related questions

On 29.03.20 08:37, Powen Cheng wrote:
>I don’t think you can prevent anyone from decrypt your file. Since you are
>using the still using the standard AES library and commercial compressor
>archiver. The only way is write your own encryption method and using salts
>with passwords and for extra measure.

I don't think writing own encryption method is a way to go, unless you are
very good in cryptology.  Using well-known encryption methods with safe
passwords is better.

AES is fine until someone cracks it or until it becomes weak for current
computers.

> Salted it again and since you will be
>writing this encryption program. No one will be able to decrypt your file
>unless you provide the decryption program. So, In long run way. You still
>cannot build a full proof system since quantum computing is coming to us in
>near future. The only thing I think is full proof is biometric encryption
>with a physical encryption key. Hell, throw on the password requirement
>while you are at it.

2-factor authentication usually means 1.  something you have 2.  something
you know.

>On Sun, Mar 29, 2020 at 6:59 AM Johny Krekan <krekan@...nykrekan.com> wrote:
>
>> 1. If you could choose - which archiver to choose to securely encrypt
>> files which one you would choose (7zip or rar).
>>
>> 2. If I use standard AES library and write mi own small program to
>> encrypt data for example file, so after encryption the person who gets
>> the file using illegal methods (for example by hacking in to the system)
>> but will not have my encryption tool, how hard it will be for this
>> person to decrypt the encrypted file?
>>
>> Chosen password will be for example 12 character password like for
>> example !141BCDeg9aa

-- 
Matus UHLAR - fantomas, uhlar@...tomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.