[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Introducing TGP...

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Introducing TGP...
From: "lsi" <stuart@xxxxxxxxxxxxxx>
Date: Mon, 14 Jun 2010 11:47:42 +0100

On 14 Jun 2010 at 4:23, Thor (Hammer of God) wrote:

> >> create a private key with a strong password, post that, and then, say,
> >> encrypt a scan of your passport and post that.
> >
> >So, I think this is a dumb idea... :)
> >
> >You might think your crypto is secure right now, but in 5 years there might 
> >be
> >a big hole in it.  If copies of your passport are floating about on the net, 
> >you
> >can't even delete them, and certainly cannot prevent anyone using the new
> >crack against your old crypto.
> 
> Of course you think it's a dumb idea.  But according to you, in 3
> years, all the computers in the world will screech to a grinding halt
> because of what Symantec says are "new threats."   How can anyone use
> the "new crack" when they can't turn their computers on?

No, only Windows machines will be grinding to a halt.  OTOH, my sleek 
unix boxen will be whizzing along nicely.... just waiting for some 
interesting work to do, such as cracking some files protected by 
ancient crypto.  

Even if nobody finds a weakness in the algorithm you used, 5 years 
from now I will probably have enough spare CPU to brute-force it 
using my mobile phone....

If you were posting docs with a shorter shelf-life there would be 
less danger.  But a passport is always useful.... 

> >If, of course you think I'm speaking tripe, go ahead and post it...
> 
> Here it is!  Go nuts.

That's too small to be a passport scan.

> Timothy has developed and implemented networking and application
> security solutions for institutions such as ... Microsoft .... Timothy
> has been a columnist for Security Focus´ Microsoft section, 

Uh-huh....

Stu

---
Stuart Udall
stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Introducing TGP...
  - From: Christian Sciberras
- Re: [Full-disclosure] Introducing TGP...
  - From: Thor (Hammer of God)
- Re: [Full-disclosure] Introducing TGP...
  - From: Pavel Kankovsky

References:
- Re: [Full-disclosure] **SPAM** Introducing TGP...
  - From: lsi
- Re: [Full-disclosure] **SPAM** Introducing TGP...
  - From: Thor (Hammer of God)

Prev by Date: Re: [Full-disclosure] Fw: [irc-security] UnrealIRCd 3.2.8.1 backdoored on official ftp and site
Next by Date: Re: [Full-disclosure] Introducing TGP...
Previous by thread: Re: [Full-disclosure] **SPAM** Introducing TGP...
Next by thread: Re: [Full-disclosure] Introducing TGP...
Index(es):
- Date
- Thread