From: Lew on
Peter Duniho wrote:
>>> Here's an article that suggests that, at the current rate of computer
>>> power advancement, in a couple hundred years, someone will be able to
>>> easily get through 256-bit AES

Thomas Pornin wrote:
>> It can also easily be shown that even in the ultimately optimistic

The assumption is that this is "ultimately optimistic". There may well be
much more efficient mechanisms and/or algorithms that either don't need to
test all keys, or somehow test multiple keys simultaneously with less energy
than required to "bump a single electron".

>> scenario of being able to test a key with as little energy as needed
>> to bump a single electron between two successive energy levels, and
>> assuming that you are able to channel the whole energy produced by
>> the Sun for the rest of its life (that's about 5 billion years), then
>> exploring a 256-bit key space will still require a few billion stars
>> -- i.e. an entire galaxy. Seems expensive.
>>
>> This basically shows that the current rate of computer advancement
>> cannot plausibly be maintained for the next two hundred years. [...]

Peter Duniho wrote:
> I admit to not being fully versed in the theory involved. But the
> Wikipedia article points out that the analysis to which you refer makes
> an assumption about the computations that turns out to not be true.
> Specifically, there are more efficient ways to do the computation,
> obviating the theoretical energy requirements according to analysis
> you're talking about.

Lasers passed through holograms are able to elicit correlations in a massively
parallel fashion. I'm sure they currently use far more energy than Thomas's
"ultimately optimistic" projection, but one can imagine ways in which the
massively parallel action surpasses the ratio of one key per electron "bump".
One can also envision the use of currently impractical physics, such as
string theory or tachyon transitions, to augment quantum effects in such a way
as to exceed Thomas's "optimism".

History shows us that it's dangerous to predict the impossibility of future
advances. That by itself doesn't mean Thomas is wrong, only that it's
dangerous to predict ultimate impossibility.

--
Lew
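The energy argument quoted above can be carried through as a parametric calculation; the following is an added example, not code from any poster in this thread. The solar luminosity, seconds-per-year figure, and the two per-test energy costs (a 1 eV transition and the Landauer limit at 3 K) are assumptions chosen for illustration; only the 5-billion-year lifetime and the 256-bit key size come from the thread.

```python
import math

EV = 1.602176634e-19          # joules per electronvolt (SI value)
K_B = 1.380649e-23            # Boltzmann constant in J/K (SI value)
SUN_LUMINOSITY_W = 3.828e26   # assumed: nominal solar luminosity in watts
SECONDS_PER_YEAR = 3.156e7    # assumed: approximate length of a year
SUN_LIFETIME_YEARS = 5e9      # figure quoted in the thread

def star_energy_joules():
    """Total output of one Sun-like star over the quoted 5 billion years."""
    return SUN_LUMINOSITY_W * SECONDS_PER_YEAR * SUN_LIFETIME_YEARS

def stars_required(key_bits, joules_per_test, work_bits=None):
    """Stars needed to pay for 2**work_bits key tests (default: whole key space)."""
    tests = 2 ** (key_bits if work_bits is None else work_bits)
    return tests * joules_per_test / star_energy_joules()

def joules_per_test_for(key_bits, stars):
    """Inverse question: per-test energy budget implied by a given star count."""
    return stars * star_energy_joules() / 2 ** key_bits

# Assumed per-test costs (not from the thread): one 1 eV electronic
# transition, and the Landauer limit k*T*ln(2) for one bit operation at 3 K.
COSTS = {"1 eV transition": 1.0 * EV,
         "Landauer @ 3 K": K_B * 3.0 * math.log(2)}

def report():
    """(cost label, key bits, stars required) for exhaustive search."""
    return [(label, bits, stars_required(bits, cost))
            for label, cost in COSTS.items()
            for bits in (56, 128, 256)]

if __name__ == "__main__":
    for label, bits, stars in report():
        print(f"{label:16s} {bits:3d}-bit key: {stars:.3e} stars")
    # A square-root (Grover-style) search over a 256-bit key space needs on
    # the order of 2**128 tests instead of 2**256.
    print("256-bit key, 2**128 tests @ 1 eV:",
          f"{stars_required(256, EV, work_bits=128):.3e} stars")
    print("J per test implied by 3e9 stars:",
          f"{joules_per_test_for(256, 3e9):.3e}")
```

The result scales linearly with the assumed per-test energy, and it applies only to a search that tests every key: the same per-test cost applied to 2**128 tests is a negligible fraction of one star's output.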
From: Tom Anderson on
On Sat, 27 Feb 2010, Lew wrote:

> Peter Duniho wrote:
>>>> Here's an article that suggests that, at the current rate of computer
>>>> power advancement, in a couple hundred years, someone will be able to
>>>> easily get through 256-bit AES
>
> Thomas Pornin wrote:
>>> It can also easily be shown that even in the ultimately optimistic
>
> The assumption is that this is "ultimately optimistic". There may well be
> much more efficient mechanisms and/or algorithms that either don't need to
> test all keys, or somehow test multiple keys simultaneously with less energy
> than required to "bump a single electron".
>
>>> scenario of being able to test a key with as little energy as needed
>>> to bump a single electron between two successive energy levels, and
>>> assuming that you are able to channel the whole energy produced by
>>> the Sun for the rest of its life (that's about 5 billion years), then
>>> exploring a 256-bit key space will still require a few billion stars
>>> -- i.e. an entire galaxy. Seems expensive.
>>>
>>> This basically shows that the current rate of computer advancement
>>> cannot plausibly be maintained for the next two hundred years. [...]
>
> Peter Duniho wrote:
>> I admit to not being fully versed in the theory involved. But the
>> Wikipedia article points out that the analysis to which you refer makes an
>> assumption about the computations that turns out to not be true.
>> Specifically, there are more efficient ways to do the computation,
>> obviating the theoretical energy requirements according to analysis you're
>> talking about.
>
> Lasers passed through holograms are able to elicit correlations in a
> massively parallel fashion. I'm sure they currently use far more energy than
> Thomas's "ultimately optimistic" projection, but one can imagine ways in
> which the massively parallel action surpasses the ratio of one key per
> electron "bump". One can also envision the use of currently impractical
> physics, such as string theory or tachyon transitions, to augment quantum
> effects in such a way as to exceed Thomas's "optimism".
>
> History shows us that it's dangerous to predict the impossibility of future
> advances. That by itself doesn't mean Thomas is wrong, only that it's
> dangerous to predict ultimate impossibility.

Clarke's first law:

When a distinguished but elderly scientist states that something is
possible, he is almost certainly right. When he states that something is
impossible, he is very probably wrong.

The correctness of Thomas's argument thus hinges on whether he is elderly :).

tom

--
taxidermy, high tide marks, sabotage, markets, folklore, subverting, .
From: Roedy Green on
On Thu, 25 Feb 2010 21:18:38 -0500, "Rhino"
<no.offline.contact.please(a)example.com> wrote, quoted or indirectly
quoted someone who said :

>user names and passwords on a Windows XP computer?

>I'm looking for an application that will store the data in a way that isn't
>readily decipherable by a hacker who gets on to the system or even a snoopy
>visitor to my house who happens to use the computer.

See http://mindprod.com/jgloss/password.html

In the links section are links to several such products. I use a free
program called Software safe.
--
Roedy Green Canadian Mind Products
http://mindprod.com

The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair.
~ Douglas Adams (born: 1952-03-11 died: 2001-05-11 at age: 49)
From: Nigel Wade on
On Fri, 26 Feb 2010 20:16:46 -0500, Arne Vajhøj wrote:

> On 26-02-2010 04:50, Nigel Wade wrote:
>> I use eWallet for logon details, and other personal info.
>>
>> It's built on 256bit AES encryption. Not the most secure, but secure
>> enough to defeat most attacks.
>
> AES 256 bit is supposed to defeat any attacks.

Sorry, I did not intend to cause any confusion or concern. I am not an
expert on encryption, but I think there are more secure encryption
methods than 256bit AES. That's all I meant by "not the most secure". I
concede that that expression can also have other connotations - I did not
mean to imply that.

>
> Do you know about a vulnerability?

No. But then again, that doesn't preclude there being one in this
product. It's quite surprising how many encryption algorithms, which in
theory are uncrackable, turn out to be severely compromised by their
practical implementation.

--
Nigel Wade


From: Rhino on

"Tom Anderson" <twic(a)urchin.earth.li> wrote in message
news:alpine.DEB.1.10.1002270155540.15090(a)urchin.earth.li...
> On Fri, 26 Feb 2010, RedGrittyBrick wrote:
>
>> On 26/02/2010 02:18, Rhino wrote:
>>> I'm wondering if anyone here can recommend a secure way to store a list of
>>> user names and passwords on a Windows XP computer?
>>>
>>> I'm looking for an application that will store the data in a way that isn't
>>> readily decipherable by a hacker who gets on to the system or even a snoopy
>>> visitor to my house who happens to use the computer.
>>>
>>> I'm just trying to find a good way to store my various usernames and
>>> passwords for the gazillions of accounts that I have in one place or
>>> another....
>>>
>>> I used to have a nifty little app on my PDA called Memorizer (?) which used
>>> a non-conventional access method - you had to click on the correct surfaces
>>> in a complex shape to get in; once you were in, you simply have a nice text
>>> file that lets you write whatever you want, including usernames and
>>> passwords. That was handy because if I ever lost my PDA, I knew that no one
>>> would be able to look at my secret stuff. I'm looking for something similar
>>> on the PC.
>>>
>>> Any ideas?
>>
>> http://passwordsafe.sourceforge.net/
>
> Is the right answer.
>

Agreed. I downloaded and installed this, poked around with it a bit, and I'm
satisfied that this will meet my needs. Or at least my needs at home. I do
want to have a look at the web based solution that Jean-Baptiste Nizet
mentioned. I could see that being very handy when I travel and then need to
sign into one of my various infrequently used accounts....

--
Rhino