Secure storage
in [Java Programming]
|
From: Christian on 3 Mar 2010 08:11 Am 03.03.2010 01:41, schrieb Arne Vajhøj: > On 02-03-2010 07:36, Christian wrote: >> Am 01.03.2010 21:43, schrieb Arne Vajhøj: >>> On 01-03-2010 06:59, Nigel Wade wrote: >>>> On Fri, 26 Feb 2010 20:16:46 -0500, Arne Vajhøj wrote: >>>>> On 26-02-2010 04:50, Nigel Wade wrote: >>>>>> I use eWallet for logon details, and other personal info. >>>>>> >>>>>> It's built on 256bit AES encryption. Not the most secure, but secure >>>>>> enough to defeat most attacks. >>>>> >>>>> AES 256 bit is supposed to defeat any attacks. >>>> >>>> Sorry, I did not intend to cause any confusion or concern. I am not an >>>> expert on encryption, but I think there are more secure encryption >>>> methods than 256bit AES. That's all I meant by "not the most secure". I >>>> concede that that expression can also have other connotations - I >>>> did not >>>> mean to imply that. >>> >>> What encryption methods ? >>> >>> AFAIK then AES is consider the most secure among the widely used >>> algorithms. >>> >>> And it is approved by NSA for "top secret" data. >>> >>> >>>>> Do you know about a vulnerability? >>>> >>>> No. But then again, that doesn't preclude there being one in this >>>> product. It's quite surprising how many encryption algorithms, which in >>>> theory are uncrackable, turn out to be severely compromised by their >>>> practical implementation. >>> >>> With brute force impossible and no known mathematical attack angels, >>> then implementation disasters is what is left to hope for. >> >> Actually AES I would never try to encrypt anything with known >> plaintext... too many attacks go into that direction.. >> i.e. use CBC not ECB ... > > That is wellknown. > > Most people have hopefully seen the Tux pictures. > >> But besides this one example of a more secure Encryption than AES-256 Bit >> is using AES-128 Bit .. >> as recent attacks show the keylength is exploitable and makes the >> attack on AES easier. >> Strange result.. though be aware of it AES-128 is more secure than >> AES-256 currently > > I don't think there is evidence for that. > > It has been shown that encryption using 11/14 of AES 256 > bit is vulnerable to attacks (that if I understand correctly > requires access to plaintext samples and use of multiple > secret keys that are related in a known way) while AES 128 > bit does not suffer from the same problem. > > That does not prove that a full AES 256 bit is less > secure than a full AES 256 bit. > > Arne It does not proove totally, still Crypto Experts like Bruce Schneier recommend use of AES 128 over AES 256 Problem is these recent attacks show that there are problems in AES and that security margins specially for 256 Bit version and its key schedule might be lower than thought. IANCE (=I am no Crypto Expert)
First
|
Prev
|
Pages: 1 2 3 4 5 Prev: Creating Heap dump , jmap or any other way ? Next: %%% Funny College Girls Nude Video HERE %%% |