Snowden's email provider forced to stop, SilentCircles terminates service too

lexaal · Post by **lexaal** » Sun Aug 11, 2013 9:45 pm

First: it is not 18^26+17^26+... It is 26^18+26^17+26^16... (mrc=noob)

Second: 26^18+26^17+26^16 is equal to (1+1/26+1/(26^2)+....) * 26^18 which is roughly equal to 1.0X * (18 combinations in a nutshell

) ... shorter combinations don't really count.

MrChaos · Post by **MrChaos** » Mon Aug 12, 2013 8:05 am

lexaal wrote:QUOTE (lexaal @ Aug 11 2013, 05:45 PM) First: it is not 18^26+17^26+... It is 26^18+26^17+26^16... (mrc=noob)
Second: 26^18+26^17+26^16 is equal to (1+1/26+1/(26^2)+....) * 26^18 which is roughly equal to 1.0X * (18 combinations in a nutshell ) ... shorter combinations don't really count.

lexaal = not thinking big enough

Truth into Chaotic thinking time:
What I did with the significant thing was do just a quick raise to the power of two in my head. In the case of the power of 2 all the smaller combos are just 1 less then the next bigger power. As a result of the correction post I reinstalled Excel and went

once I realized my leap into silliness
But in the fine tradition of never admit you are completely wrong on the intertubez

I am not sure what you consider "significant" but in this case I do think it is "significant" while just 1% of a 18 symbol password (it is not 26 but 94) tbs but:
By throwing out all of the possible shorter passwords between 8 and 17 that is approx. 353,040,000,000,000,000,000,000,000,000,000 additional tries lost
By throwing out all of the possible shorter passwords it dismisses more possibilities then if the password was only 17 symbols long lost
By throwing out all of the possible shorter passwords and at a million tries a sec that is an additional 119.5 billion billion years (using brute force of course) lost

edit300000: ghost written ghost, ghOst, gh0st, and gh@st is cake even for a human. If the password isn't really random then the above numbers don't really apply for a smarter algorithm and which probably leads right back to where we were a few posts above

for catching my mistakes, some big uns tbs
I blame my mistakes on:
My being to lazy to check my assumptions
My being to lazy to rustle up paper and pencil
My being to lazy to reinstall Excel on this computer
My being to lazy to find where the $#@!ing calculator in Windows 8 is buried

tl;dr
What have we learned?
Size really does matter

Oh and MrChaos = lazy

Viscur · Post by **Viscur** » Mon Aug 12, 2013 9:57 am

quick tip for finding the calculator on most (probably all) windows machines that have it installed.

windows + r, type in calc.

MrChaos · Post by **MrChaos** » Mon Aug 12, 2013 10:11 am

Viscur wrote:QUOTE (Viscur @ Aug 12 2013, 05:57 AM) quick tip for finding the calculator on most (probably all) windows machines that have it installed.

windows + r, type in calc.

!gracias mi amigo!

takingarms1 · Post by **takingarms1** » Mon Aug 12, 2013 1:32 pm

I know only the most basic rudiments of cryptology but I understand that it's a serious science with graduate programs of study dedicated to it. My understanding is that the bottom line is that anything can be decrypted given sufficient resources and time, and those doing the encrypting hope only to make it take too long for the decrypting process to yield anything practical.

The government has been doing this stuff for a long time (since WWII at least), has a lot of resources, and can likely decrypt almost anything very quickly that doesn't use a really strong encryption process.

I do recall when PGP first hit the scene, the US government tried to shut it down. I think they feared nefarious groups would use it to communicate and make it far more difficult for the government to use electronic surveillance. That failed and it's been over 20 years and PGP is still around. I'm guessing the government has found ways to cope.

The conclusion I'm driving at is I don't think encryption is the answer to government intrusion into your privacy. In all likelihood, if they want to, they can crack it. The solution is keeping your government accountable, repealing stupid laws like the Patriot act, and requiring approval of an independent judiciary with actual probable cause before a government is allowed to exercise electronic surveillance against anyone.

raumvogel · Post by **raumvogel** » Mon Aug 12, 2013 1:51 pm

I can remember it easier by thinking of it as an accessory, but the macro thing is cool trivia.

lexaal · Post by **lexaal** » Mon Aug 12, 2013 4:21 pm

Third:

MrChaos wrote:QUOTE (MrChaos @ Aug 12 2013, 10:05 AM) Me being too lazy to check my assumptions

But back to the original point... which I forgot.. but hey, what are you doing next weekend?

QUOTE tl;dr
What have we learned?
Size really does matter

[/quote]
What you should have learned:
"HelloMyNameIsNotSlimShady" vs "5SAk$ji}%" size doesn't matter... it's how you are using it.

germloucks · Post by **germloucks** » Mon Aug 12, 2013 7:49 pm

TakingArms wrote:QUOTE (TakingArms @ Aug 12 2013, 06:32 AM) I know only the most basic rudiments of cryptology but I understand that it's a serious science with graduate programs of study dedicated to it. My understanding is that the bottom line is that anything can be decrypted given sufficient resources and time, and those doing the encrypting hope only to make it take too long for the decrypting process to yield anything practical.

The government has been doing this stuff for a long time (since WWII at least), has a lot of resources, and can likely decrypt almost anything very quickly that doesn't use a really strong encryption process.

I do recall when PGP first hit the scene, the US government tried to shut it down. I think they feared nefarious groups would use it to communicate and make it far more difficult for the government to use electronic surveillance. That failed and it's been over 20 years and PGP is still around. I'm guessing the government has found ways to cope.

The conclusion I'm driving at is I don't think encryption is the answer to government intrusion into your privacy. In all likelihood, if they want to, they can crack it. The solution is keeping your government accountable, repealing stupid laws like the Patriot act, and requiring approval of an independent judiciary with actual probable cause before a government is allowed to exercise electronic surveillance against anyone.

Well noone worth their salt is using old encryption standards these days. It is true that older encryption standards can and were compromised mathematically via computation, but those days are over largely. Asymmetric encryption, which forms the basis of PKI, raises the bar of required computation time so high that its safe to call it impossible. Possible being something that you could sit down and do, or order to be done in a reasonable amount of time. The heat death of the universe is not a reasonable amount of time, nor is 10,000 or even 100 years.

Thats not even the right way to attack asymmetrically encrypted data. You dont screw around trying to guess the other half of a key, you compromise the systems that support the encryption and therefore bypass the whole thing. You see, PKI requires a complicated infrastructure to support it. You need servers that do different roles of generating certificates, registering them, binding them to particular user objects in active directory, a method of validating certificates, etc etc etc. In some schema, there is a whole chain of transitive trust from certificate publshing companies like Verisign and symantec all the way down to a corporations certificate authority. The more complicated something is, the more ways it can be compromised.

So the point im drving at is that no, the government isnt cracking asymmetric encryption keys, they are compromising your computer through vulnerabilities in other programs and plucking the key itself out. Or if they cant get the key, they'll serve you with a court order to decrypt it yourself. Either way the method itself lives up to the hype, its the fact that the encryption methods are a part of a broader insecure infrastructure it has to rely on.

Symmetric encrption, where the key to encrypt is the same as the one used to decrypt, is also mathematically safe. An AES 128 bit key would take 1.02 X 1018 years to decrypt by guessing. Again the vulnerability is not in guessing the key but in compromising the system to obtain the key. AES also supports 256 bit encrption keys as well, making it even more impossible to guess. 1056 years

MrChaos · Post by **MrChaos** » Mon Aug 12, 2013 11:30 pm

What I did learn was once you understand how to use it:

lexaal wrote:QUOTE (lexaal @ Aug 12 2013, 12:21 PM) Third:

But back to the original point... which I forgot.. but hey, what are you doing next weekend?

"HelloMyNameIsNotSlimShady" vs "5SAk$ji}%" size doesn't matter... it's how you are using it.

It all becomes a matter of size again:

lexaal wrote:QUOTE (lexaal @ Aug 11 2013, 05:45 PM) First: it is not 18^26+17^26+... It is 26^18+26^17+26^16... (mrc=noob)
Second: 26^18+26^17+26^16 is equal to (1+1/26+1/(26^2)+....) * 26^18 which is roughly equal to 1.0X * (18 combinations in a nutshell ) ... shorter combinations don't really count.

So 5SAk$ji}%1 and sorry sugar, I'm off finding bigger things to do next weekend. Hey do not worry your secret is definitely safe now that I know the proper way to do things. I will always remember it as times immoral and simply too much fun

MrChaos · Post by **MrChaos** » Mon Aug 12, 2013 11:54 pm

germloucks wrote:QUOTE (germloucks @ Aug 12 2013, 03:49 PM) Well noone worth their salt is using old encryption standards these days. It is true that older encryption standards can and were compromised mathematically via computation, but those days are over largely. Asymmetric encryption, which forms the basis of PKI, raises the bar of required computation time so high that its safe to call it impossible. Possible being something that you could sit down and do, or order to be done in a reasonable amount of time. The heat death of the universe is not a reasonable amount of time, nor is 10,000 or even 100 years.

Thats not even the right way to attack asymmetrically encrypted data. You dont screw around trying to guess the other half of a key, you compromise the systems that support the encryption and therefore bypass the whole thing. You see, PKI requires a complicated infrastructure to support it. You need servers that do different roles of generating certificates, registering them, binding them to particular user objects in active directory, a method of validating certificates, etc etc etc. In some schema, there is a whole chain of transitive trust from certificate publshing companies like Verisign and symantec all the way down to a corporations certificate authority. The more complicated something is, the more ways it can be compromised.

So the point im drving at is that no, the government isnt cracking asymmetric encryption keys, they are compromising your computer through vulnerabilities in other programs and plucking the key itself out. Or if they cant get the key, they'll serve you with a court order to decrypt it yourself. Either way the method itself lives up to the hype, its the fact that the encryption methods are a part of a broader insecure infrastructure it has to rely on.

Symmetric encrption, where the key to encrypt is the same as the one used to decrypt, is also mathematically safe. An AES 128 bit key would take 1.02 X 1018 years to decrypt by guessing. Again the vulnerability is not in guessing the key but in compromising the system to obtain the key. AES also supports 256 bit encrption keys as well, making it even more impossible to guess. 1056 years

Continuing on the size matters theme holy @#(! but it seems only to a point than the motion of the ocean takes over again. Hey as we've seen a number of times already wtf do I really know about this stuff