Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,602
NIST announced that Rijndael has been selected as the proposed AES. What is the AES? From the NIST website -
Quote:
The National Institute of Standards and Technology (NIST) has been working with industry and the cryptographic community to develop an Advanced Encryption Standard (AES). The overall goal is to develop a Federal Information Processing Standard (FIPS) that specifies an encryption algorithm(s) capable of protecting sensitive government information well into the next century. The algorithm(s) is expected to be used by the U.S. Government and, on a voluntary basis, by the private sector.
From the little bit I looked into it I liked Twofish, but they probably know more than me.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,602
Original Poster
Interesting
Just saw this on slashdot and thought it was interesting. Someone asked how feasible it is to brute force attack a 256 bit key. The answer (which is paraphrased from Schneier, Applied Cryptography, Second Edition):
Quote:
One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information.
... an ideal computer running at 3.2deg Kelvin [temperature of the cosmic background radiation of the universe] would consume 4.4*10^-16 ergs every time it set or cleared a bit.
If we built a Dyson sphere around the sun and captured all of its energy for 32 years, without any loss, we could power a computer to count up to 2^192.
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
Of course, perhaps Quantum computing will change some or all of this, but I am not qualified to comment on that.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,602
Original Poster
The thing to remember is that with an encryption as strong as what we are talking about here, the weak link should always be implementation. Is your info guarded 24/7 (even if it is, do you pay your guards enough?), do you check for keyboard logging devices, who else knows the passphrase (do they have kids?), etc. The point is if your info is THAT important there are probably easier ways to get it than cracking the encryption.
jeremy,
Good call..... What you were basically describing in part, as I'm sure you know, is social engineering. Humans are by nature fallible and are driven by things other than pure logic. For instance, if you found yourself in want of someone's password, you could try and sniff their network or throw a dictionary at a password file, or you could just call up someone who has their password on file (ISP, bank, friend, etc.), and assuming you have some mastery of the language and are a good liar, many times you will have their password handed to you. Heck, a sob story about how this person has just died and you are the one remaining relative who needs access to their email so you can have something to remember them by... who could resist giving you their secret information? As long as humans still have access to someone's private information, it's never secure.