From: Arne Vajhøj on
On 26-02-2010 04:50, Nigel Wade wrote:
> I use eWallet for logon details, and other personal info.
>
> It's built on 256bit AES encryption. Not the most secure, but secure
> enough to defeat most attacks.

AES 256 bit is supposed to defeat any attacks.

Do you know about a vulnerability?

Arne

From: Peter Duniho on
Arne Vajhøj wrote:
> On 26-02-2010 04:50, Nigel Wade wrote:
>> I use eWallet for logon details, and other personal info.
>>
>> It's built on 256bit AES encryption. Not the most secure, but secure
>> enough to defeat most attacks.
>
> AES 256 bit is supposed to defeat any attacks.
>
> Do you know about a vulnerability?

AFAIK, correctly implemented symmetric encryption algorithms using
256-bit keys (like AES 256-bit) are essentially impossible to crack today.

Here's an article that suggests that, at the current rate of computer
power advancement, in a couple hundred years, someone will be able to
easily get through 256-bit AES:
http://blogs.zdnet.com/Ou/?p=204

Perhaps Nigel is thinking of asymmetric algorithms, like RSA, which
require much longer keys for robustness? A 256-bit RSA encryption is
not very secure, but still may be sufficient for the discussion at hand
(if there was some other reason to prefer RSA over AES…it's not clear to
me what that reason would be).

http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths

Pete

From: Tom Anderson on
On Fri, 26 Feb 2010, RedGrittyBrick wrote:

> On 26/02/2010 02:18, Rhino wrote:
>> I'm wondering if anyone here can recommend a secure way to store a list of
>> user names and passwords on a Windows XP computer?
>>
>> I'm looking for an application that will store the data in a way that isn't
>> readily decipherable by a hacker who gets on to the system or even a snoopy
>> visitor to my house who happens to use the computer.
>>
>> I'm just trying to find a good way to store my various usernames and
>> passwords for the gazillions of accounts that I have in one place or
>> another....
>>
>> I used to have a nifty little app on my PDA called Memorizer (?) which used
>> a non-conventional access method - you had to click on the correct surfaces
>> in a complex shape to get in; once you were in, you simply have a nice text
>> file that lets you write whatever you want, including usernames and
>> passwords. That was handy because if I ever lost my PDA, I knew that no one
>> would be able to look at my secret stuff. I'm looking for something similar
>> on the PC.
>>
>> Any ideas?
>
> http://passwordsafe.sourceforge.net/

Is the right answer.

tom

--
intelligence, purity, the potential freedom of space, and the potential
aesthetics of mathematical computations

From: Thomas Pornin on
According to Peter Duniho <NpOeStPeAdM(a)NnOwSlPiAnMk.com>:
> Here's an article that suggests that, at the current rate of computer
> power advancement, in a couple hundred years, someone will be able to
> easily get through 256-bit AES

It can also easily be shown that even in the ultimately optimistic
scenario of being able to test a key with as little energy as needed
to bump a single electron between two successive energy levels, and
assuming that you are able to channel the whole energy produced by
the Sun for the rest of its life (that's about 5 billion years), then
exploring a 256-bit key space will still require a few billion stars
-- i.e. an entire galaxy. Seems expensive.

This basically shows that the current rate of computer advancement
cannot plausibly be maintained for the next two hundred years.

A quantum computer, if one can finally be built, could reduce the
exhaustive key search to 2^128 operations (the square root of the key
space size), which is still overly ludicrous but not as impossible as a
256-bit key search. The energy resources available in the solar system
might be sufficient for such a feat.


> Perhaps Nigel is thinking of asymmetric algorithms, like RSA, which
> require much longer keys for robustness? A 256-bit RSA encryption is
> not very secure

That's the least that can be said. At this page:
http://www.alpertron.com.ar/ECM.HTM
there is a Java applet which is able to factor numbers up to more than
300 bits. A 256-bit RSA key would not last long.


> if there was some other reason to prefer RSA over AES

RSA is an asymmetric algorithm. Its point is to give some entities the
power to encrypt data without giving them the power to decrypt. This
discussion is about a single user storing some data, so there is only
one entity involved, i.e. the user himself. Hence, RSA makes no sense
here.


--Thomas Pornin

From: Peter Duniho on
Thomas Pornin wrote:
> According to Peter Duniho <NpOeStPeAdM(a)NnOwSlPiAnMk.com>:
>> Here's an article that suggests that, at the current rate of computer
>> power advancement, in a couple hundred years, someone will be able to
>> easily get through 256-bit AES
>
> It can also easily be shown that even in the ultimately optimistic
> scenario of being able to test a key with as little energy as needed
> to bump a single electron between two successive energy levels, and
> assuming that you are able to channel the whole energy produced by
> the Sun for the rest of its life (that's about 5 billion years), then
> exploring a 256-bit key space will still require a few billion stars
> -- i.e. an entire galaxy. Seems expensive.
>
> This basically shows that the current rate of computer advancement
> cannot plausibly be maintained for the next two hundred years. [...]

I admit to not being fully versed in the theory involved. But the
Wikipedia article points out that the analysis to which you refer makes
an assumption about the computations that turns out to not be true.
Specifically, there are more efficient ways to do the computation,
obviating the theoretical energy requirements according to the analysis
you're talking about.

Pete