Encryption thoughts


N_Jay

Guest
Huge GSM flaw allows hackers to listen in on voice calls

GSM:
Widely known flaw,
Billions of users/units,
Probably 10's of thousands of hackers,
10 years,
And in another 6 months the average hobbyist 'may' be able to crack the encryption.

P25 AES:
No known flaws,
Few hundred thousand users/units
Probably a few hundred hackers,
And you guess when the average hobbyist 'may' be able to crack the encryption

Time to "do the math", as they say.
 

N_Jay

Guest
But Moore's Law was in place during those ten years also.

Even with exponential processor growth, the drivers simply are not there.
 

RayAir

Member
Joined
Dec 31, 2005
Messages
1,925
The A5/1 algorithm used in European GSM cell phones has a 64-bit key, but can be broken in the time it takes to brute-force a 30-bit key. This means that even though the algorithm is given a cryptographic key with 64-bits of entropy, it only makes use of 30 bits of entropy in the key.

Another flaw, more computer related, is that some crypto products may say they take a 128-bit or 256-bit key, but the entropy is based on the user selected passphrase. A general rule, passwords have about 4 bits of entropy per character (Ex- 10 character password (ASCII std. English) is equivalent to a 40-bit key).

Just because an algorithm says it accepts 128-bit (or higher) keys does not mean it has 128 bits (or higher) of entropy in the key. In my opinion I would not trust any proprietary algorithms by any manufacturer or entity besides the well funded military/intelligence community. It simply takes years to evaluate an algorithm and if it's proprietary then those companies do not have the necessary resources to properly judge their algorithm to be free of any flaws or weaknesses. No single company, outside the military/intelligence community, has the financial resources necessary to evaluate a new cryptographic algorithm or to correct design flaws out of highly complex protocol. This is why you have seen some previous encryption schemes broken like the GSM phones, Older versions of O/S's/browsers (Netscape Navigator 1.1, Windows NT, Word/Excel 2000/2003). Supposedly, MS Office 2007 is supposed to fix the flawed 128-bit encryption for passwords in their previous products. For instance, I could put a password on one of my MS Word 2003 doc's (8-16 characters) and try to brute force it, but that could take several days, however I was able to brute force passwords of up to 6 digits in under three minutes. Or I could just connect to a password crackers server and crack the password instantly. I am in the process of converting my older files to MS Office 2007.

A library of information could be written on the topic of good and bad encryption...
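
The nominal-versus-effective key size point in the post above can be checked directly. This is an added example, not part of the original thread: it derives a 128-bit key from every 3-digit PIN and counts how many distinct keys can ever occur, then applies the post's rule of thumb of about 4 bits per character. The salt, iteration count and function names are assumptions made for the demo.

```python
import hashlib
import itertools
import math
import string

SALT = b"constructed-demo-salt"   # constructed sample value
ITERATIONS = 100                  # deliberately low so the demo finishes fast


def derive_key(passphrase, key_bits=128):
    """Stretch a passphrase into a key of the advertised size (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT,
                               ITERATIONS, dklen=key_bits // 8)


def reachable_keys(alphabet, length, key_bits=128):
    """Count the distinct keys that passphrases of this shape can ever produce."""
    candidates = itertools.product(alphabet, repeat=length)
    return len({derive_key("".join(c), key_bits) for c in candidates})


def effective_bits(passphrase_len, key_bits, bits_per_char=4.0):
    """Effective strength under the post's ~4 bits/char rule, capped by key size."""
    return min(float(key_bits), passphrase_len * bits_per_char)


def length_needed(key_bits, bits_per_char=4.0):
    """Passphrase length at which the passphrase stops being the weak link."""
    return math.ceil(key_bits / bits_per_char)


if __name__ == "__main__":
    n = reachable_keys(string.digits, 3)          # every 3-digit PIN
    print(f"128-bit key from a 3-digit PIN: {n} possible keys "
          f"(~{math.log2(n):.1f} bits, not 128)")
    print("10-char passphrase, 128-bit key:", effective_bits(10, 128), "bits")
    print("63-char passphrase, 256-bit key:", effective_bits(63, 256), "bits")
    for bits in (128, 256):
        print(f"{bits}-bit key needs >= {length_needed(bits)} chars at 4 bits/char")
```

A key derived from a passphrase can never be stronger than the passphrase space it came from, whatever key length the product advertises.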
 

RayAir

Member
Joined
Dec 31, 2005
Messages
1,925
Another note:
I am sure there exists a means to break any publicly available encryption. The chances of you or I doing it are slim to none, but it can be done. Certain agencies invest almost unlimited funds into this issue. Even if a flawless algorithm existed and offered true 256bit encryption, there are many other ways to get your key besides brute-force. I am sure there are even ways to do it that we have not even discovered yet, but they have.
 

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
The A5/1 algorithm used in European GSM cell phones has a 64-bit key, but can be broken in the time it takes to brute-force a 30-bit key. This means that even though the algorithm is given a cryptographic key with 64-bits of entropy, it only makes use of 30 bits of entropy in the key.

Another flaw, more computer related, is that some crypto products may say they take a 128-bit or 256-bit key, but the entropy is based on the user selected passphrase. A general rule, passwords have about 4 bits of entropy per character (Ex- 10 character password (ASCII std. English) is equivalent to a 40-bit key).

Just because an algorithm says it accepts 128-bit (or higher) keys does not mean it has 128 bits (or higher) of entropy in the key. In my opinion I would not trust any proprietary algorithms by any manufacturer or entity besides the well funded military/intelligence community. It simply takes years to evaluate an algorithm and if it's proprietary then those companies do not have the necessary resources to properly judge their algorithm to be free of any flaws or weaknesses. No single company, outside the military/intelligence community, has the financial resources necessary to evaluate a new cryptographic algorithm or to correct design flaws out of highly complex protocol. This is why you have seen some previous encryption schemes broken like the GSM phones, Older versions of O/S's/browsers (Netscape Navigator 1.1, Windows NT, Word/Excel 2000/2003). Supposedly, MS Office 2007 is supposed to fix the flawed 128-bit encryption for passwords in their previous products. For instance, I could put a password on one of my MS Word 2003 doc's (8-16 characters) and try to brute force it, but that could take several days, however I was able to brute force passwords of up to 6 digits in under three minutes. Or I could just connect to a password crackers server and crack the password instantly. I am in the process of converting my older files to MS Office 2007.

A library of information could be written on the topic of good and bad encryption...


You do know that AES 256 is approved for Top secret don't you? :lol:

Research your router and hardware and use this. https://www.grc.com/passwords.htm

:lol:


Your information is valued, but it sounds like paranoia.
 

RayAir

Member
Joined
Dec 31, 2005
Messages
1,925
You do know that AES 256 is approved for Top secret don't you? :lol:

Research your router and hardware and use this. https://www.grc.com/passwords.htm

:lol:


Your information is valued, but it sounds like paranoia.

I can guarantee you that the Secret Service isn't using Motorola AES-256 in their radios.

I'm not paranoid, I'm just aware that encryption is not a panacea. Your 63-digit WPA-PSK or WPA2-AES CCMP keys are what sounds paranoid to me.

Your information is valued.
 

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
Vs lbhe fb shpxvat cnenabvq nobhg frphevgl, gura lbh fubhyq or noyr gb penpx guvf fvzcyr rapelcgvba va ab gvzr, evtug? V qbhog vg. Lbhe pbaprea bire cebcevrgnel rapelcgvba if gung bs gur srqf vf cnenabvn.

A_Wnl, V pna'g pbagvahr gur fhowrpg ng unaq.
 

shaft

Member
Joined
Jan 26, 2004
Messages
418
Location
Wentzville, Mo
If your so $$$$$$$ paranoid about security, then you should be able to crack this simple encryption in no time, right? I doubt it. Your concern over proprietary encryption vs that of the feds is paranoia.

N_Jay, I can't continue the subject at hand.


Pssht...

Easy speezy
 

N_Jay

Guest
GSM:
Widely known flaw,
Billions of users/units,
Probably 10's of thousands of hackers,
10 years,
And in another 6 months the average hobbyist 'may' be able to crack the encryption.
 

RayAir

Member
Joined
Dec 31, 2005
Messages
1,925
GSM:
Widely known flaw,
Billions of users/units,
Probably 10's of thousands of hackers,
10 years,
And in another 6 months the average hobbyist 'may' be able to crack the encryption.

You could crack it with your computer if you had the cracking software. They can grab the key in seconds.
 

RayAir

Member
Joined
Dec 31, 2005
Messages
1,925
Vs lbhe fb shpxvat cnenabvq nobhg frphevgl, gura lbh fubhyq or noyr gb penpx guvf fvzcyr rapelcgvba va ab gvzr, evtug? V qbhog vg. Lbhe pbaprea bire cebcevrgnel rapelcgvba if gung bs gur srqf vf cnenabvn.

A_Wnl, V pna'g pbagvahr gur fhowrpg ng unaq.

You're funny, I just saw this, it took about 5 minutes.

DECRYPT:

IF YOUR SO $$$$$$$ PARANOID ABOUT SECURITY THEN YOU SHOULD BE ABLE TO CRACK THIS SIMPLE ENCRYPTION IN NO TIME RIGHT I DOUBT IT YOUR CONCERN OVER PROPRIETARY ENCRYPTION VS THAT OF THE FEDS IS PARANOIANJAY I CANT CONTINUE THE SUBJECT AT HAND
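
Why the "simple encryption" exchanged above falls so quickly, as an added example that is not part of the original thread: a letter-shift cipher has only 26 possible keys (under 5 bits), so every shift can be tried and scored against typical English letter frequencies. The ciphertext is excerpted from the post quoted above (its opening clause is left out); the frequency table is approximate and the function names are assumptions.

```python
import math
from collections import Counter

# Approximate English letter frequencies, in percent.
ENGLISH = dict(zip("abcdefghijklmnopqrstuvwxyz", [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

# Excerpts of the shifted-letter post in this thread.
EXCERPT = ("gura lbh fubhyq or noyr gb penpx guvf fvzcyr rapelcgvba va ab gvzr, "
           "evtug? V qbhog vg. Lbhe pbaprea bire cebcevrgnel rapelcgvba if gung "
           "bs gur srqf vf cnenabvn.")
SECOND_LINE = "A_Wnl, V pna'g pbagvahr gur fhowrpg ng unaq."


def shift_text(text, shift):
    """Rotate ASCII letters by `shift` places; everything else passes through."""
    out = []
    for ch in text:
        if "a" <= ch <= "z" or "A" <= ch <= "Z":
            base = ord("A") if ch <= "Z" else ord("a")
            ch = chr((ord(ch) - base + shift) % 26 + base)
        out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the text's letter counts and typical English."""
    counts = Counter(c for c in text.lower() if c in ENGLISH)
    total = sum(counts.values())
    if total == 0:
        return math.inf
    return sum((counts[l] - total * f / 100) ** 2 / (total * f / 100)
               for l, f in ENGLISH.items())


def solve(ciphertext):
    """Try all 26 shifts and keep the most English-looking result."""
    shift = min(range(26), key=lambda s: chi_squared(shift_text(ciphertext, s)))
    return shift, shift_text(ciphertext, shift)


if __name__ == "__main__":
    shift, plain = solve(EXCERPT)
    print(f"shift {shift} of 26 candidates (~{math.log2(26):.1f} bits): {plain}")
    print(shift_text(SECOND_LINE, shift))
```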
 

N_Jay

Guest
You could crack it with your computer if you had the cracking software. They can grab the key in seconds.

Why don't you take off your blindfolds and start actually reading just what has and has not been broken. :roll:
 