[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Introducing TGP...

To: Brandon Enright <bmenrigh@xxxxxxxx>
Subject: Re: [Full-disclosure] Introducing TGP...
From: "Thor (Hammer of God)" <Thor@xxxxxxxxxxxxxxx>
Date: Wed, 16 Jun 2010 22:23:04 +0000

> You're using a 1024 bit key here which seems a bit gutsy ;-)
> 
> Without better attacks, you basically have:
> 
> Brute force AES 256 -> O(2^256)
> Bruce force your 20 char password -> roughly O(2^(20*7)) == O(2^140) Factor
> your 1024 bit public modulus -> roughly O(2^80)
> 
> Since a 768 bit RSA key has already been factored I'd say you only have a few
> years before a moderately sized cluster could factor your public key.
> 
> Of course, as I write this I realize I'm about to sign this message with a 
> 1024
> bit DSA key...

Actually it's 2048, which I was comfortable with.  And don't forget the 16bit 
salt on that password ;)

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Introducing TGP...
  - From: Brandon Enright

References:
- Re: [Full-disclosure] Introducing TGP...
  - From: lsi
- Re: [Full-disclosure] Introducing TGP...
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Introducing TGP...
  - From: lsi
- Re: [Full-disclosure] Introducing TGP...
  - From: Thor (Hammer Of God)
- Re: [Full-disclosure] Introducing TGP...
  - From: Brandon Enright

Prev by Date: Re: [Full-disclosure] Introducing TGP...
Next by Date: [Full-disclosure] iDefense Security Advisory 06.16.10: Samba 3.3.12 Memory Corruption Vulnerability
Previous by thread: Re: [Full-disclosure] Introducing TGP...
Next by thread: Re: [Full-disclosure] Introducing TGP...
Index(es):
- Date
- Thread