LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-02-2000, 03:45 PM   #1
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,022

Rep: Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751

NIST announced that Rijndael has been selected as the proposed AES. What is the AES? From the NIST website -
Quote:
The National Institute of Standards and Technology (NIST) has been working with industry and the cryptographic community to develop an Advanced Encryption Standard (AES). The overall goal is to develop a Federal Information Processing Standard (FIPS) that specifies an encryption algorithm(s) capable of protecting sensitive government information well into the next century. The algorithm(s) is expected to be used by the U.S. Government and, on a voluntary basis, by the private sector.
From the little bit I looked into it I liked Twofish, but they probably know more than me

More info - http://csrc.nist.gov/encryption/aes/
Detailed specs on the different proposed algorithms - http://csrc.nist.gov/encryption/aes/round2/r2algs.htm
 
Old 10-02-2000, 03:52 PM   #2
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,022

Original Poster
Rep: Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751
Interesting

Just saw this on slashdot and thought it was interesting. Someone asked how feasible it is to brute force attack a 256 bit key. The answer (which is paraphrased from Schneier, Applied Cryptography, Second Edition):
Quote:
One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information.
... an ideal computer running at 3.2deg Kelvin [temperature of the cosmic background radiation of the universe] would consume 4.4*10^-16 ergs every time it set or cleared a bit.
If we built a Dyson sphere around the sun and captured all of its energy for 32 years, without any loss, we could power a computer to count up to 2^192.
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than mattter and occupy something other than space.
Of course, perhaps Quantum computing will change some or all of this, but I am not qualified to comment on that.

 
Old 10-02-2000, 04:25 PM   #3
bjc
Member
 
Registered: Oct 2000
Location: NYC
Posts: 32

Rep: Reputation: 15
Angry

Like Jeremy, I would hav also chosen TWOFISH as the new NIST standard, and many of my friends would have to...or we ALL might be wrong...
 
Old 10-02-2000, 04:35 PM   #4
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,022

Original Poster
Rep: Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751
The thing to remember is that with an encryption as strong as what we are talking about here the weak link should always be implementation. Is your info guarded 24/7 (even if it is do you pay your guards enough?), do you check for keyboard logging devices, who else know they passphrase (do they have kids?), etc. The point is if you info is THAT important there are probably easier ways to get it than cracking the encryption.
 
Old 10-05-2000, 06:22 PM   #5
bickford
Member
 
Registered: Jun 2000
Location: SUNY Buffalo
Posts: 79

Rep: Reputation: 15
an excellent point

jeremy,
Good call..... What you were basically describing in part, as I'm sure you know, is social engineering. Humans are by nature fallable and are driven by things other then pure logic. For instance, if you found yourself in want of someones password, you could try and sniff their network or throw a dictionary at a password file, or you could just call up someone who has their password on file, (ISP, bank, friend etc..) and assuming you have some mastery of the language and are a good liar many times you will have their password handed to you. Heck, a sob story about how this person has just died and you are the one remaining relative who needs access to their email so you can have something to remember them by... who could resist giving you their secret information? As long as humans still have access to someone's private information, it's never secure.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Slackware 10.2 =another winner mortal Slackware 12 09-24-2005 01:50 AM
loop aes digi691 Linux - Security 6 05-27-2005 09:11 PM
loop-aes movery Linux - Security 0 01-14-2005 08:29 AM
xinetd vs inetd and the winner is.... alaios Linux - Networking 2 05-28-2004 04:39 AM
and the winner is....? XWolf Red Hat 1 10-21-2003 08:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration