Interesting article on password guessing via cloud computing

Hardeep Singh hs2412 at gmail.com
Sat Nov 14 16:02:25 CET 2009


Hi David Vedaal and everyone

This is something even I have thought: this seems to be a sure way to
prevent such computing from being able to 'guess' the password. Why, then,
is parallel computing being hailed as the antidote to privacy?

Regards
Hardeep Singh
http://blog.Hardeep.name
Sent from Delhi, India


On Thu, Nov 5, 2009 at 8:35 PM,  <vedaal at hush.com> wrote:
> David Shaw <dshaw () jabberwocky ! com>
> wrote on 2009-11-04 18:34:49 :
>
>>This is not, of course, an OpenPGP "crack", but rather high-speed
>>password guessing.
>
> a trivial way to defeat this,
> would be to provide each client with a pgp keypair,
> (physically presented to the client upon the initial transaction
> agreement),
> and then encrypt the zipfile to a key and not even use a passphrase
>
> what would be even more interesting,
> is if it could be done in a way that truecrypt uses to protect its
> encrypted volumes, where the user can choose to use a keyfile as
> well as a passphrase, but it cannot be determined before decryption
> if a keyfile, passphrase, both or only one,  has been used
>
> so, imagine if a client has a zipfile encrypted to both a trivial
> password and to a pgp key, and it is not determinable from the
> encrypted file itself, if it was encrypted to a key as well,
>
> all the cloud computing resources available will merrily spin
> themselves into exhaustion until they decide that the passphrase is
> 'probably too long and complex to crack'
>
>
> vedaal
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>


